Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan:DOS/Aleuron.A Virus [Closed]


  • This topic is locked This topic is locked

#1
Firemedic828

Firemedic828

    Member

  • Member
  • PipPip
  • 11 posts
I have a HP DV7 Laptop running Windows 7 Home Premium, with service pack 1. It is a 64-bit system. Earlier this summer, I noticed I was having a strange DOS window pop up when I started up the computer. I also had multiple times where I woudl go to a Windows Start-up repair screen. I was running PandaCloud anti-virus at the time. I went to check my anti-virus and noticed that it was missing. I tried to reinstall it, but as soon as I would restart the computer, the anti-virus would disappear. I then deleted the panda antivirus and installed Microsoft Security Essentials. I ran a scan with taht and it showed a bunch of spyware, malware. and viruses. I used that program to remove the infections. Next time I restarted the computer, it popped up that I had the Aleuron virus. I hit the button to remove it. A window popped up saying that "Additional cleaning required. Detected threats could not be cleaned......run Windows Defender offline..." I have downloaded that onto a USB and to a dvd and run it offline multiple times. Each time, the computer will say the infection has been cleaned. It will appear to work until I restart the computer, then the same process will start again.

I have avoided using my laptop for the last month or so, once my classes finished at work.I ran OTL and attached the log below. I am currently using my wife's computer.

OTL logfile created on: 11/16/2012 8:39:27 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 34.78% Memory free
11.90 Gb Paging File | 7.97 Gb Available in Paging File | 66.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 579.12 Gb Total Space | 441.68 Gb Free Space | 76.27% Space Free | Partition Type: NTFS
Drive D: | 16.76 Gb Total Space | 2.10 Gb Free Space | 12.51% Space Free | Partition Type: NTFS
Drive F: | 1.89 Gb Total Space | 1.61 Gb Free Space | 85.40% Space Free | Partition Type: FAT

Computer Name: DONWARD-HP | User Name: Don Ward | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/16 08:18:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/23 13:26:24 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/09/01 16:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/19 13:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 09:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/12/11 01:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/12/07 08:06:00 | 000,249,672 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2010/12/07 08:05:52 | 000,634,696 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2010/12/07 08:05:38 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2010/11/23 13:26:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/11/23 13:26:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/18 14:57:28 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010/11/09 18:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/12 16:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 16:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/07/29 21:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/16 17:52:14 | 000,331,776 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe
PRC - [2009/08/24 17:52:30 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 06:45:10 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012/06/13 06:45:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 06:31:53 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll
MOD - [2012/06/13 06:22:14 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 20:20:32 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e7cd67fc34ad0fc611c1e1244cfc6584\IAStorCommon.ni.dll
MOD - [2012/05/12 20:18:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 20:18:19 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 20:18:16 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 20:18:14 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 20:18:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 20:18:10 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/22 16:00:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/11/22 16:00:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/11/22 16:00:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/11/18 15:09:10 | 001,699,384 | ---- | M] () -- C:\Users\Don Ward\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2010/11/18 14:57:42 | 012,284,984 | ---- | M] () -- C:\Users\Don Ward\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/26 17:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 17:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/03/23 13:28:51 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/03/23 13:28:50 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/07/27 20:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 19:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 19:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/05/27 10:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/12/30 20:10:00 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/05 22:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/29 21:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/07/21 17:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/20 19:19:21 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/23 13:27:37 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/09/09 16:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 16:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/05/20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/07 08:06:00 | 000,249,672 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2010/11/23 13:26:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/11/23 13:26:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/18 20:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/24 17:52:30 | 000,082,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/28 14:22:48 | 000,020,784 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
DRV:64bit: - [2012/05/11 06:34:14 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/05/11 06:34:12 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/03/23 13:28:52 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/03/23 13:27:37 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/03/23 13:26:24 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/03/23 13:26:24 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/03/23 13:25:20 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/03/20 19:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/08 06:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 16:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/06/10 12:37:16 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/27 10:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 10:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/20 08:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 14:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/04/08 22:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/12/30 20:39:22 | 008,281,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/12/30 19:33:06 | 000,292,864 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/12/16 20:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/12/16 20:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/11 01:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/01 07:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/20 16:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 16:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 16:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 11:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/07/14 09:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/03/02 17:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/15 13:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwvmser2.sys -- (NWVMPort2)
DRV:64bit: - [2009/05/15 13:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwvmser.sys -- (NWVMPort)
DRV:64bit: - [2009/05/15 13:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwvmmdm.sys -- (NWVMModem)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2012/11/16 08:21:29 | 000,035,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1E24116F-0BFD-40CC-A425-AC2E4B2BF27D}\MpKslba3aa47d.sys -- (MpKslba3aa47d)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {b7fca997-d0fb-4fe0-8afd-255e89cf9671}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{BBE3009B-DE5D-4C55-BA51-37954B908D8D}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/04/26 21:28:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/18 15:20:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/07 23:11:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/07 23:11:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/16 12:36:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/18 15:20:49 | 000,000,000 | ---D | M]

[2011/05/06 06:17:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don Ward\AppData\Roaming\Mozilla\Extensions
[2012/08/01 16:25:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don Ward\AppData\Roaming\Mozilla\Firefox\Profiles\fapywo1e.default\extensions
[2012/08/07 23:11:37 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Don Ward\AppData\Roaming\Mozilla\Firefox\Profiles\fapywo1e.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2012/08/01 16:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don Ward\AppData\Roaming\Mozilla\Firefox\Profiles\fapywo1e.default\extensions\[email protected]
[2012/08/16 16:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/25 21:30:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/07 23:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012/08/16 16:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/05/07 05:12:43 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/11/13 15:39:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/12 15:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 15:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 15:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 15:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/12/12 10:25:05 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/22 17:01:16 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 17:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/10/12 15:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/08/01 16:06:43 | 000,002,361 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/08/01 16:06:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/27 10:11:08 | 000,002,325 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pandasecuritytb.xml
[2012/08/01 16:06:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Set UA String (BHO)) - {3CE56DB6-FCBE-4422-9454-63C354178985} - C:\Program Files (x86)\UAPick\UABtn.dll (Bayden Systems)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: UA Button - {7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - C:\Program Files (x86)\UAPick\UABtn.dll (Bayden Systems)
O9 - Extra 'Tools' menuitem : Set UA St&ring - {7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - C:\Program Files (x86)\UAPick\UABtn.dll (Bayden Systems)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} http://vsp.closetmai..._downloader.cab (Closet Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B491DA81-27F7-4053-B0AA-9E80BC24141D}: DhcpNameServer = 65.32.5.111 65.32.5.112 0.0.0.0
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b0c7fcb3-7bdd-11e0-8953-cc52af7932e1}\Shell - "" = AutoRun
O33 - MountPoints2\{b0c7fcb3-7bdd-11e0-8953-cc52af7932e1}\Shell\AutoRun\command - "" = G:\LiteAuto.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/05 22:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UAPick
[2012/11/05 22:16:23 | 000,113,608 | ---- | C] (Bayden Systems) -- C:\Users\Don Ward\Desktop\UAPickSetup.exe
[2012/11/05 21:56:58 | 000,020,784 | ---- | C] (Mobile Stream) -- C:\Windows\SysNative\drivers\easytthr.sys
[2012/11/05 21:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mobile Stream
[2012/11/05 21:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2012/10/24 16:37:10 | 000,000,000 | ---D | C] -- C:\73534f5037c0c4bb2c7f7bf6
[2012/10/20 08:01:31 | 000,000,000 | ---D | C] -- C:\cfad15b7ff69dfb697f1208557276373

========== Files - Modified Within 30 Days ==========

[2012/11/16 08:41:47 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/16 08:41:47 | 000,626,540 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/16 08:41:47 | 000,107,784 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/16 08:40:21 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDon Ward.job
[2012/11/16 08:32:28 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/16 08:32:28 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/16 08:21:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/16 08:21:10 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/05 23:10:24 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/11/05 23:08:23 | 000,002,148 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/05 22:19:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/05 22:14:42 | 000,113,608 | ---- | M] (Bayden Systems) -- C:\Users\Don Ward\Desktop\UAPickSetup.exe
[2012/10/28 14:22:48 | 000,020,784 | ---- | M] (Mobile Stream) -- C:\Windows\SysNative\drivers\easytthr.sys
[2012/10/19 10:23:44 | 495,116,030 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2012/11/05 21:57:30 | 000,002,533 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyTether.lnk
[2012/09/25 11:40:15 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/01 18:31:47 | 000,007,605 | ---- | C] () -- C:\Users\Don Ward\AppData\Local\Resmon.ResmonCfg
[2012/08/01 16:00:24 | 000,161,719 | ---- | C] () -- C:\Users\Don Ward\AppData\Local\census.cache
[2012/08/01 16:00:21 | 000,113,549 | ---- | C] () -- C:\Users\Don Ward\AppData\Local\ars.cache
[2012/08/01 15:49:34 | 000,000,036 | ---- | C] () -- C:\Users\Don Ward\AppData\Local\housecall.guid.cache
[2012/03/23 13:25:25 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/05/19 17:39:44 | 000,026,624 | ---- | C] () -- C:\Users\Don Ward\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/18 15:17:26 | 000,232,957 | ---- | C] () -- C:\Windows\hpwins22.dat
[2011/05/18 15:17:26 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2011/05/06 15:46:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/26 21:23:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/26 21:07:24 | 000,003,028 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/04/26 21:06:36 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/26 21:06:36 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/04/26 21:06:36 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/26 21:06:35 | 000,003,028 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/10 23:01:11 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/12/20 20:25:37 | 000,000,135 | ---- | C] () -- C:\Users\Don Ward\AppData\Roaming\default.pls
[2008/05/21 15:03:50 | 000,000,042 | ---- | C] () -- C:\Users\Don Ward\default.pls

========== ZeroAccess Check ==========

[2012/08/01 17:38:29 | 000,000,000 | -HSD | M] -- C:\Windows\Installer\{96f3d1ab-4200-38c7-4661-32f7fdef6143}\U
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{96f3d1ab-4200-38c7-4661-32f7fdef6143}\L
[2011/11/17 01:41:18 | 000,000,000 | -HSD | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{96f3d1ab-4200-38c7-4661-32f7fdef6143}\U
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/01 16:06:33 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Babylon
[2012/08/07 23:11:38 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\BabylonToolbar
[2012/05/08 08:20:56 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\BitTorrent
[2011/05/27 08:49:54 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Blackberry Desktop
[2012/01/12 15:04:31 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\calibre
[2011/12/12 10:25:05 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Catalina Marketing Corp
[2012/11/06 01:48:05 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\ICAClient
[2012/08/22 12:56:21 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Panda Security
[2011/05/05 08:55:09 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\PictureMover
[2011/05/06 14:28:12 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Research In Motion
[2011/05/05 08:54:01 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Synaptics
[2011/06/14 21:19:03 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there lets get you cleaned up

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:Files
C:\Windows\Installer\{96f3d1ab-4200-38c7-4661-32f7fdef6143}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{96f3d1ab-4200-38c7-4661-32f7fdef6143}

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

AND FINALLY

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application
    Posted Image
  • Then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.

  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.
  • 0

#3
Firemedic828

Firemedic828

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTL Scan... I actually got two reports?!?

Report #1:
OTL logfile created on: 11/16/2012 3:29:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 4.56 Gb Available Physical Memory | 76.71% Memory free
11.90 Gb Paging File | 10.41 Gb Available in Paging File | 87.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 579.12 Gb Total Space | 452.35 Gb Free Space | 78.11% Space Free | Partition Type: NTFS
Drive D: | 16.76 Gb Total Space | 2.10 Gb Free Space | 12.51% Space Free | Partition Type: NTFS
Drive F: | 1.89 Gb Total Space | 1.60 Gb Free Space | 84.97% Space Free | Partition Type: FAT

Computer Name: DONWARD-HP | User Name: Don Ward | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/16 08:18:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012/03/23 13:26:24 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/09/01 16:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/08/19 13:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/20 09:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/12/30 19:01:12 | 000,336,384 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2010/12/11 01:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/12/07 08:06:00 | 000,249,672 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2010/12/07 08:05:52 | 000,634,696 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2010/12/07 08:05:38 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2010/11/18 14:57:28 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010/11/09 18:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/12 16:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 16:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/07/21 17:33:00 | 000,008,192 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/16 17:52:14 | 000,331,776 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe
PRC - [2009/08/24 17:52:30 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/13 06:45:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/13 06:31:53 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll
MOD - [2012/06/13 06:22:14 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 20:18:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 20:18:16 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 20:18:14 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 20:18:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 20:18:10 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/22 16:00:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/11/22 16:00:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/11/22 16:00:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/11/18 15:09:10 | 001,699,384 | ---- | M] () -- C:\Users\Don Ward\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2010/11/18 14:57:42 | 012,284,984 | ---- | M] () -- C:\Users\Don Ward\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2010/07/21 17:33:00 | 000,008,192 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/26 17:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 17:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/03/23 13:28:51 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/03/23 13:28:50 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/07/27 20:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 19:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 19:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/05/27 10:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/12/30 20:10:00 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/05 22:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/29 21:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/07/21 17:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/20 19:19:21 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/23 13:27:37 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/09/09 16:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 16:06:50 | 000,227,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/05/20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/07 08:06:00 | 000,249,672 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2010/11/23 13:26:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/11/23 13:26:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/18 20:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/24 17:52:30 | 000,082,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/28 14:22:48 | 000,020,784 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
DRV:64bit: - [2012/05/11 06:34:14 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/05/11 06:34:12 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/03/23 13:28:52 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/03/23 13:27:37 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/03/23 13:26:24 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/03/23 13:26:24 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/03/23 13:25:20 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/03/20 19:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/08 06:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 16:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/06/10 12:37:16 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/27 10:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 10:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/20 08:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 14:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/04/08 22:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/12/30 20:39:22 | 008,281,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/12/30 19:33:06 | 000,292,864 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/12/16 20:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/12/16 20:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/11 01:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/01 07:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/20 16:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 16:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 16:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 11:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/07/14 09:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/03/02 17:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/15 13:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwvmser2.sys -- (NWVMPort2)
DRV:64bit: - [2009/05/15 13:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwvmser.sys -- (NWVMPort)
DRV:64bit: - [2009/05/15 13:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwvmmdm.sys -- (NWVMModem)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {b7fca997-d0fb-4fe0-8afd-255e89cf9671}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{BBE3009B-DE5D-4C55-BA51-37954B908D8D}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/04/26 21:28:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/18 15:20:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/07 23:11:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/07 23:11:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/16 12:36:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/18 15:20:49 | 000,000,000 | ---D | M]

[2011/05/06 06:17:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don Ward\AppData\Roaming\Mozilla\Extensions
[2012/08/01 16:25:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don Ward\AppData\Roaming\Mozilla\Firefox\Profiles\fapywo1e.default\extensions
[2012/08/07 23:11:37 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Don Ward\AppData\Roaming\Mozilla\Firefox\Profiles\fapywo1e.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2012/08/01 16:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don Ward\AppData\Roaming\Mozilla\Firefox\Profiles\fapywo1e.default\extensions\[email protected]
[2012/08/16 16:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/25 21:30:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/07 23:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012/08/16 16:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/05/07 05:12:43 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/11/13 15:39:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/12 15:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 15:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 15:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 15:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/12/12 10:25:05 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/22 17:01:16 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 17:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/10/12 15:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/08/01 16:06:43 | 000,002,361 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/08/01 16:06:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/27 10:11:08 | 000,002,325 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pandasecuritytb.xml
[2012/08/01 16:06:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/16 14:45:35 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Set UA String (BHO)) - {3CE56DB6-FCBE-4422-9454-63C354178985} - C:\Program Files (x86)\UAPick\UABtn.dll (Bayden Systems)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: UA Button - {7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - C:\Program Files (x86)\UAPick\UABtn.dll (Bayden Systems)
O9 - Extra 'Tools' menuitem : Set UA St&ring - {7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - C:\Program Files (x86)\UAPick\UABtn.dll (Bayden Systems)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} http://vsp.closetmai..._downloader.cab (Closet Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B491DA81-27F7-4053-B0AA-9E80BC24141D}: DhcpNameServer = 65.32.5.111 65.32.5.112 0.0.0.0
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b0c7fcb3-7bdd-11e0-8953-cc52af7932e1}\Shell - "" = AutoRun
O33 - MountPoints2\{b0c7fcb3-7bdd-11e0-8953-cc52af7932e1}\Shell\AutoRun\command - "" = G:\LiteAuto.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/05 22:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UAPick
[2012/11/05 22:16:23 | 000,113,608 | ---- | C] (Bayden Systems) -- C:\Users\Don Ward\Desktop\UAPickSetup.exe
[2012/11/05 21:56:58 | 000,020,784 | ---- | C] (Mobile Stream) -- C:\Windows\SysNative\drivers\easytthr.sys
[2012/11/05 21:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mobile Stream
[2012/11/05 21:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2012/10/24 16:37:10 | 000,000,000 | ---D | C] -- C:\73534f5037c0c4bb2c7f7bf6
[2012/10/20 08:01:31 | 000,000,000 | ---D | C] -- C:\cfad15b7ff69dfb697f1208557276373

========== Files - Modified Within 30 Days ==========

[2012/11/16 15:28:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/16 15:27:58 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/16 15:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/16 14:45:35 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/11/16 14:03:18 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/16 14:03:18 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/16 14:01:00 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/16 14:01:00 | 000,626,540 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/16 14:01:00 | 000,107,784 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/16 13:56:04 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDon Ward.job
[2012/11/05 23:10:24 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/11/05 23:08:23 | 000,002,148 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/05 22:14:42 | 000,113,608 | ---- | M] (Bayden Systems) -- C:\Users\Don Ward\Desktop\UAPickSetup.exe
[2012/10/28 14:22:48 | 000,020,784 | ---- | M] (Mobile Stream) -- C:\Windows\SysNative\drivers\easytthr.sys
[2012/10/19 10:23:44 | 495,116,030 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2012/11/05 21:57:30 | 000,002,533 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyTether.lnk
[2012/09/25 11:40:15 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/01 18:31:47 | 000,007,605 | ---- | C] () -- C:\Users\Don Ward\AppData\Local\Resmon.ResmonCfg
[2012/08/01 16:00:24 | 000,161,719 | ---- | C] () -- C:\Users\Don Ward\AppData\Local\census.cache
[2012/08/01 16:00:21 | 000,113,549 | ---- | C] () -- C:\Users\Don Ward\AppData\Local\ars.cache
[2012/08/01 15:49:34 | 000,000,036 | ---- | C] () -- C:\Users\Don Ward\AppData\Local\housecall.guid.cache
[2012/03/23 13:25:25 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/05/19 17:39:44 | 000,026,624 | ---- | C] () -- C:\Users\Don Ward\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/18 15:17:26 | 000,232,957 | ---- | C] () -- C:\Windows\hpwins22.dat
[2011/05/18 15:17:26 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2011/05/06 15:46:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/26 21:23:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/26 21:07:24 | 000,003,028 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/04/26 21:06:36 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/26 21:06:36 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/04/26 21:06:36 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/26 21:06:35 | 000,003,028 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/10 23:01:11 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/12/20 20:25:37 | 000,000,135 | ---- | C] () -- C:\Users\Don Ward\AppData\Roaming\default.pls
[2008/05/21 15:03:50 | 000,000,042 | ---- | C] () -- C:\Users\Don Ward\default.pls

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/01 16:06:33 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Babylon
[2012/08/07 23:11:38 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\BabylonToolbar
[2012/05/08 08:20:56 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\BitTorrent
[2011/05/27 08:49:54 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Blackberry Desktop
[2012/01/12 15:04:31 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\calibre
[2011/12/12 10:25:05 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Catalina Marketing Corp
[2012/11/06 01:48:05 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\ICAClient
[2012/08/22 12:56:21 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Panda Security
[2011/05/05 08:55:09 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\PictureMover
[2011/05/06 14:28:12 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Research In Motion
[2011/05/05 08:54:01 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Synaptics
[2011/06/14 21:19:03 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >

Report #2
OTL Extras logfile created on: 11/16/2012 3:29:36 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 4.56 Gb Available Physical Memory | 76.71% Memory free
11.90 Gb Paging File | 10.41 Gb Available in Paging File | 87.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 579.12 Gb Total Space | 452.35 Gb Free Space | 78.11% Space Free | Partition Type: NTFS
Drive D: | 16.76 Gb Total Space | 2.10 Gb Free Space | 12.51% Space Free | Partition Type: NTFS
Drive F: | 1.89 Gb Total Space | 1.60 Gb Free Space | 84.97% Space Free | Partition Type: FAT

Computer Name: DONWARD-HP | User Name: Don Ward | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0224F7D4-0A73-4EB7-A778-FF6ECE181E0E}" = lport=139 | protocol=6 | dir=in | app=system |
"{0FBDE9E3-3F14-4F32-A0A6-BA49D4C03170}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{13831BE8-D947-478B-8485-54FC4627D22F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{15F452BA-8172-47D4-B420-DCD34ED2AA76}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{1CE5D72C-C95F-4FFD-AED6-9126B829C090}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2C888B23-597E-4A7A-9E9A-563803D65F57}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{381801D2-1AE4-4F08-B2FC-C7C29FEFE4C7}" = lport=445 | protocol=6 | dir=in | app=system |
"{3A1B705E-A5FA-4962-974D-147E4D160669}" = rport=137 | protocol=17 | dir=out | app=system |
"{400C84EF-5B8F-431D-A31C-243141ADE91D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4A867C7A-2EBF-4EBA-ABE8-101394CF77A5}" = rport=445 | protocol=6 | dir=out | app=system |
"{53923269-7A3D-4EF4-AB5D-F4563D06E950}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{5EF3F8C1-5408-4575-BFF1-86553D6B0ED6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7261E62F-B75C-4EAA-AB85-F4E6A19FEB98}" = lport=10243 | protocol=6 | dir=in | app=system |
"{790AC4FD-DA4C-41C0-8BD0-F96022EA8BD1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A1674B0-E4F7-4C15-BC45-DB4458F2B892}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7FC47BBD-9A6C-49B6-A1DF-5E5D36BE5842}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7FFE44BA-FFBE-467C-9F23-AF630C97CC78}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{86A6398E-1332-48A6-B896-334B3DAB9FD8}" = rport=138 | protocol=17 | dir=out | app=system |
"{8F73A4FB-778D-4EDB-B723-13D6C16845C8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91D84A3C-B7E4-4A5E-A335-B2A5ABA16438}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{92D8D5FC-2729-4412-B455-1D38B0DE2029}" = lport=138 | protocol=17 | dir=in | app=system |
"{98BBF111-9EEB-4ADA-AF6D-63A61B705B46}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{A52B87EE-D19F-472F-8C3D-8E6FAB157B55}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{A560911D-8AE5-4107-BE38-B3D60F94CCE7}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{A6C8E41D-F7C4-4697-93EE-419DDEDB952C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AB82916D-3596-4CD5-8F33-6AC0FAC953B0}" = rport=139 | protocol=6 | dir=out | app=system |
"{B09B1F05-A6A8-463C-AAE8-1A7DB17E9454}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E5382943-E442-4B35-93D5-78BC99336FDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F0C75358-6A8B-4918-828D-95D7BBD792B9}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F6F3F7B7-66B3-4BC2-AE3C-70663A09B81B}" = lport=137 | protocol=17 | dir=in | app=system |
"{FDC040AF-DA3E-498E-9AFC-2907F0718F20}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B0606C-2B92-480C-8FEF-50938E5B1F97}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{07387067-7F98-4269-9946-B25805B3DB21}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{0B5C2028-1752-47B6-A559-7D4BDA2F1DB2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{12068686-9B33-4ABD-9C91-475B778E29A1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{1299A135-648B-4ED7-9F0B-EA3402CC48DA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{1395BE29-87ED-4F7A-9BBF-293F25E0064D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{156E56F7-5DEF-4315-8D50-59704E694D89}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{15DA40C4-8A7E-42AD-90B7-78ED8A955D0D}" = protocol=58 | dir=in | [email protected],-28545 |
"{17967D52-C364-4DC6-9103-02E38FEC57C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{196C0E6B-DD00-47F1-B173-3E5AAEF16ECD}" = protocol=1 | dir=in | [email protected],-28543 |
"{2240763E-2225-4562-871F-07F69A119A7E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{243B48F8-0F96-4174-8C60-959E9CD299E2}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{31D798EB-2B2E-43F3-AAF3-FD565B1B9019}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{35E7C63B-7E21-41B6-9AD3-AD150BA7F8B4}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{40E44466-66AC-4A90-89D4-6E69F36CBBCE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{478FA8F3-2D22-4029-80F9-AD3BFB079844}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{4CDE0E0A-DD48-46BA-9776-423DCF2A932F}" = protocol=6 | dir=out | app=system |
"{51096432-7193-4E17-AD65-1833C1335B24}" = dir=in | app=c:\program files (x86)\tmbot\tm-update.exe |
"{53DE234A-E8DF-4D8E-A67C-2FB89374E9D8}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{55DF1FCD-BBAA-4017-A967-B84BE4B39C1D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5C4AA6B2-4472-47E1-ABB6-4E5A4A771FD0}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{5EF82E2C-D53B-4C1D-B91E-176BB481A85A}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{7256B2FF-273D-4EDC-8FE9-8450401E0F1D}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{7465219F-0B68-46B2-B893-975C160C148F}" = protocol=58 | dir=out | [email protected],-28546 |
"{7624F0B6-7F27-436B-8F10-9CEF5E07420B}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{77C2D11B-C68A-487D-8019-8F87D057D2B8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{79120B59-D665-4464-9112-A06CC601922A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{7A8FDE14-637B-4B12-8613-4E2B987D4E2F}" = dir=in | app=c:\program files (x86)\tmbot\dj-browser.exe |
"{7E7974B3-F118-4DA7-845A-19DB1D845E8B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{7FCCEFF2-837B-428C-97AD-3E868AFD7012}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{821AA161-2761-41C6-8A5A-E0643819351F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{899699EA-461F-4E6B-B206-F9EA18DCEED4}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{8DF43461-D96F-4727-9472-F92074CEFA45}" = protocol=6 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{95CF3F2E-8812-45C1-AD19-5EA5952BC165}" = protocol=1 | dir=out | [email protected],-28544 |
"{97EC120C-4FA8-4691-BF88-0B12538C529E}" = dir=in | app=c:\program files (x86)\tmbot\tm.exe |
"{9CE5C4F0-4924-49BB-8628-96F38BDE3068}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{9DE57A15-2263-41AC-A58C-FE8797D87802}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9EB5597A-21DF-4244-8398-D686F6C09F33}" = dir=out | app=c:\program files (x86)\tmbot\tm.exe |
"{A78CAF66-9590-4236-A4B7-9BAB77EE9D62}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A9973619-4B80-4454-B887-47CCA9E611B2}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\hp1006mc.exe |
"{ADAD0E3B-C421-4135-BC23-D73A7D2E856D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AEB9C3C4-BDDA-4757-989E-30A85469B19F}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{B2596334-DD27-4349-93FA-4D65B0B7E4A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B29F43B2-1258-4D5C-831D-48DAD9E17949}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{B400BF88-A793-41FD-BF0C-009D61B9B248}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{B6AAB3D0-7EE9-4A1D-8076-79CE08FEC666}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{BC492741-6216-4A2E-AAA4-4399465F6D79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BF1B515D-9661-4974-9D1C-CC06ACED21A6}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{C15FD3D7-D3E0-4A12-A11D-DE4EE428ACC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C30059CF-29FC-47AE-BF3B-4737AC77CA1D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{C8366571-3FF4-4669-B502-DD453C3BCAB1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{C9C66CCC-BA41-40C9-B167-E786230DF450}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D53981D8-DDBF-493B-ABA0-59F90E3C07EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8584B00-DE55-4922-99C1-C3AA9AA39E6D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D93B8B56-A24E-4263-848B-08C4AD59B95D}" = protocol=17 | dir=in | app=c:\program files (x86)\bittorrent\bittorrent.exe |
"{DD642AC6-180B-4DD1-B9F2-18D5AA520D9D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E0437FC9-2B87-4556-874A-1BBDB10783F9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E062DFE9-83C6-4B08-84DF-6B29F155BAA7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{E3B7E078-1F35-4D13-B168-DBDE2279BEBF}" = dir=out | app=c:\program files (x86)\hewlett-packard\hp clouddrive\zumodrive.exe |
"{EBB4D6D2-AE48-49A8-8D19-2A67D2541DDB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{F65D4B03-E9FB-4215-BB8E-DE53E8499D0C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{F9F3652E-3E34-4DCC-BC35-2AE0E0327F01}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{FB5738D7-ADC4-4196-906E-1E5FD96A3397}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"TCP Query User{584A2C3A-1F30-43E8-9DBE-3BF36A8C0B3D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{B2A488E7-443B-4C7A-9EE6-F6A56B2FCDFE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}" = HP Wireless Assistant
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel® PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java™ 6 Update 22 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{2E794F67-DAC1-C4A3-9128-0C841DF8A1BE}" = ATI Catalyst Install Manager
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = Broadcom 2070 Bluetooth 3.0
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C81EFA5-CB79-4EAE-9DED-92C3521EB486}" = EasyTether
"{5601F151-A69F-4E30-8C60-37928124CD07}" = HP 3D DriveGuard
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK
"{7DD41AE3-10F5-4C46-961C-FAE786519FFF}" = EasyTether ADB USB driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{BE930E38-7BB3-45B6-85B2-5251F374F844}" = 64 Bit HP CIO Components Installer
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F12CAF9A-1803-610D-C686-220E35980C99}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F86D9734-D358-4C5B-BC2B-6D90557FF05B}" = HP Officejet Pro 8500 A909 Series
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A143C9B-DCE4-5089-E3DE-12BBCA178C12}" = CCC Help Russian
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{0F7BFF8F-274A-05FE-2D37-A0C644424871}" = CCC Help Greek
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15775C9B-CD12-BDAF-F5FA-E06A7CB4F25D}" = CCC Help Korean
"{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix online plug-in (Web)
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{28FE073B-1230-4BF6-830C-7434FD0C0069}" = HP Software Framework
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2B1E6CDB-306C-4C64-B192-1E465C5C3012}" = 8500A909g
"{2CAF2C07-3219-8143-0E1C-EB1E20223171}" = CCC Help Japanese
"{2CF48C8D-38F6-09E3-C24D-69999191726F}" = CCC Help Portuguese
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3436866E-2C3A-AC6F-C6CF-1ABFF5FB69A3}" = CCC Help Thai
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}" = Adobe Shockwave Player 11.5
"{3BC81D4E-0E14-472D-2DA4-CB51D9A21BAE}" = Catalyst Control Center InstallProxy
"{3CBC0CD2-18F0-523D-DA6A-B224C3C4B2CF}" = CCC Help French
"{3D69628B-4DE8-43C7-9A22-F90F5B870C08}" = ArcSoft TotalMedia Backup
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{3D843732-70CD-4DEF-A36F-AEFB87C80DC9}" = ProductContext
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix online plug-in (USB)
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}" = Blio
"{5175254C-4F5C-61DF-9647-306994652857}" = CCC Help Chinese Traditional
"{52FB1497-BBDD-F46F-2ADE-407148D63C65}" = CCC Help Dutch
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5486C37D-73E8-4C31-A3FA-D796494F8286}" = Catalyst Control Center - Branding
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{610A0147-10AB-D148-B6E1-503E40A444B9}" = CCC Help German
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix online plug-in (DV)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69754D89-C21E-4851-83C0-399DE63C6579}" = 8500A909_Help
"{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F9EA30A-2DD4-81B6-8A08-719EB8683C40}" = CCC Help Finnish
"{802C068E-0576-4F25-8137-D54B7DB0FC5E}" = HP Setup
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83F8B662-32C3-D1B6-8048-35ED4B94DC87}" = CCC Help Danish
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8AEA6737-8AF3-47BB-95CE-AAB62BE68985}" = MPM
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8d3ac0f3-14ee-49ab-9193-a8dbdc6fec0c}" = EasyTether
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94D44424-3A83-C25E-CB75-0703750714C2}" = Catalyst Control Center Localization All
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{954680D5-B7C6-E5BA-9B62-09A5AB1F8022}" = CCC Help Hungarian
"{95CEC285-7B63-3D66-0B3F-EF0D9116375C}" = CCC Help Spanish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A71D76FD-DF5A-4380-9D0C-7B3FEB80DE4C}" = HP Documentation
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2E32E3-B0C3-592C-8093-308249A70C82}" = PX Profile Update
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC4E477E-BBD4-4C68-8D6C-D10C3BB658F3}" = BPD_DSWizards
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B1AEF127-E01A-40D8-3CDC-F4C76BF2A42B}" = CCC Help Polish
"{B2C904FA-DB34-47A3-B8D6-50F4E7AC5808}" = Virgin Mobile Broadband Modem Drivers
"{B318D3D1-3421-4E2A-9C63-5D8FC2457B9C}" = 8500A909_eDocs
"{B584C0FA-5037-C2DB-8399-A3153101B066}" = Catalyst Control Center Graphics Previews Common
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C125CF1B-32B7-A63B-4DBE-72555A1D4730}" = CCC Help Italian
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2E21D9B-8AD7-588F-9BE9-70054C864D20}" = CCC Help Norwegian
"{C39B7B95-5009-4C64-B25B-B1AD6BDD9E8F}" = Broadband2Go
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6399FF6-7BDF-F604-E493-76B47CF59C15}" = CCC Help Swedish
"{D79531DC-85D7-997F-4083-CE65505F1B7E}" = Catalyst Control Center Profiles Mobile
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1ACFF16-2555-48B0-8EFB-008818A42613}" = calibre
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E44578C7-4667-4124-8BC2-1161BCA54978}" = HP Power Manager
"{E7117563-58FF-5A50-664D-619DA8B5E3BF}" = CCC Help Chinese Standard
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED3D587B-9B2E-9F1F-723E-CE137F82CA85}" = ccc-core-static
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver
"{F1DD6CD2-6734-4089-9EF5-441F51E083B6}" = HP SimplePass 2011
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel® Wireless Display
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix online plug-in (HDX)
"{FB3F7ACE-1633-5A41-250A-FA00E95EE402}" = CCC Help Czech
"{FC18709C-C93F-6BF7-904A-43B0125725ED}" = CCC Help English
"{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}" = LightScribe System Software
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BitTorrent" = BitTorrent
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Broadband2Go" = Broadband2Go
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DivX Setup" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"File Shredder_is1" = File Shredder 2.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"My HP Game Console" = HP Game Console
"Picasa 3" = Picasa 3
"ProInst" = Intel PROSet Wireless
"TMbot_0" = TMbot 4.1.7
"UAPick" = Bayden UAPick
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087360" = Escape Rosecliff Island
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087372" = Heroes of Hellas 2 - Olympia
"WT087379" = Jewel Quest Solitaire 2
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087414" = Virtual Families
"WT087415" = Wheel of Fortune 2
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089299" = Mystery P.I. - The London Caper
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"YTdetect" = Yahoo! Detect
"ZumoDrive" = HP CloudDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2012 5:37:15 PM | Computer Name = DonWard-HP | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing.
The previous version of Security Essentials was restored. Error code:0x80070643.
Fatal error during installation.

Error - 11/5/2012 10:54:33 PM | Computer Name = DonWard-HP | Source = MsiInstaller | ID = 10005
Description =

Error - 11/5/2012 10:54:40 PM | Computer Name = DonWard-HP | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing.
The previous version of Security Essentials was restored. Error code:0x80070643.
Fatal error during installation.

Error - 11/6/2012 12:08:23 AM | Computer Name = DonWard-HP | Source = MsiInstaller | ID = 10005
Description =

Error - 11/6/2012 12:08:23 AM | Computer Name = DonWard-HP | Source = Microsoft Security Client Setup | ID = 100
Description = HRESULT:0x80070643 Description:Cannot complete the Security Essentials
Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing.
The previous version of Security Essentials was restored. Error code:0x80070643.
Fatal error during installation.

Error - 11/16/2012 9:23:21 AM | Computer Name = DonWard-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process
id: 0x1298 Faulting application start time: 0x01cdc3fd6accecdd Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: c9f9d67e-2ff0-11e2-b161-cc52af7932e1

Error - 11/16/2012 9:25:50 AM | Computer Name = DonWard-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000420 Fault offset: 0x00013ce2 Faulting process id: 0xb18 Faulting application
start time: 0x01cdc3fd936a4850 Faulting application path: \\.\globalroot\systemroot\svchost.exe
Faulting
module path: unknown Report Id: 22e9fed0-2ff1-11e2-b161-cc52af7932e1

Error - 11/16/2012 9:28:35 AM | Computer Name = DonWard-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: mshtml.dll, version: 8.0.7601.17940, time
stamp: 0x5037b0d7 Exception code: 0xc0000005 Fault offset: 0x001edb46 Faulting process
id: 0x1fdc Faulting application start time: 0x01cdc3fe36a83381 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll
Report
Id: 85351ff3-2ff1-11e2-b161-cc52af7932e1

Error - 11/16/2012 9:34:27 AM | Computer Name = DonWard-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: SHLWAPI.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7b9e2 Exception code: 0xc0000005 Fault offset: 0x000199ed Faulting process
id: 0xe14 Faulting application start time: 0x01cdc3fe4ffeb94c Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\syswow64\SHLWAPI.dll
Report
Id: 56e8f8e6-2ff2-11e2-b161-cc52af7932e1

Error - 11/16/2012 9:40:46 AM | Computer Name = DonWard-HP | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc3c5 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00032949 Faulting process
id: 0x1238 Faulting application start time: 0x01cdc3ff4706ad01 Faulting application
path: \\.\globalroot\systemroot\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
Report
Id: 392a1473-2ff3-11e2-b161-cc52af7932e1

Error - 11/16/2012 3:25:41 PM | Computer Name = DonWard-HP | Source = SideBySide | ID = 16842827
Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet
Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.
Multiple
requestedPrivileges elements are not allowed in manifest.

Error - 11/16/2012 3:46:35 PM | Computer Name = DonWard-HP | Source = VSS | ID = 12344
Description =

[ Hewlett-Packard Events ]
Error - 7/8/2011 6:01:21 PM | Computer Name = DonWard-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071108060116.xml
File not created by asset agent

Error - 7/8/2011 6:01:24 PM | Computer Name = DonWard-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\071108060122.xml
File not created by asset agent

Error - 9/30/2011 4:07:41 PM | Computer Name = DonWard-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146232828 at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()

at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result() at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Message:
An exception occurred during the operation, making the result invalid. Check InnerException
for exception details. StackTrace: at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary()

at System.ComponentModel.RunWorkerCompletedEventArgs.get_Result() at HP.SupportAssistant.UI.HPAMain.bgNet_RunWorkerCompleted(Object
sender, RunWorkerCompletedEventArgs e) at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(RunWorkerCompletedEventArgs
e) at System.ComponentModel.BackgroundWorker.AsyncOperationCompleted(Object arg)

at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback,
Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object
source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler)
Source:
System InnerException.Message: Could not find file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoSI.xml'. Name: HPSF.exe Version: 06.00.01.01 Path:
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US
RAM:
6091 Ram Utilization: 60 TargetSite: Void RaiseExceptionIfNecessary()

Error - 12/2/2011 5:33:29 PM | Computer Name = DonWard-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/25/2012 3:38:01 PM | Computer Name = DonWard-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/25/2012 10:44:32 PM | Computer Name = DonWard-HP | Source = hpsa_service.exe | ID = 2000
Description =

Error - 7/25/2012 10:44:37 PM | Computer Name = DonWard-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/25/2012 10:44:57 PM | Computer Name = DonWard-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/27/2012 8:54:13 PM | Computer Name = DonWard-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/27/2012 8:54:16 PM | Computer Name = DonWard-HP | Source = hpsa_service.exe | ID = 2000
Description =

[ HP Wireless Assistant Events ]
Error - 5/5/2011 9:06:19 PM | Computer Name = DonWard-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 5/5/2011 9:06:26 PM | Computer Name = DonWard-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 5/5/2011 9:07:34 PM | Computer Name = DonWard-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 5/5/2011 9:07:42 PM | Computer Name = DonWard-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 5/5/2011 9:08:50 PM | Computer Name = DonWard-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 5/5/2011 9:08:57 PM | Computer Name = DonWard-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 5/5/2011 9:10:05 PM | Computer Name = DonWard-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 5/5/2011 9:10:13 PM | Computer Name = DonWard-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 5/5/2011 9:11:20 PM | Computer Name = DonWard-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 5/5/2011 9:11:28 PM | Computer Name = DonWard-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ Media Center Events ]
Error - 5/29/2012 11:54:55 AM | Computer Name = DonWard-HP | Source = MCUpdate | ID = 0
Description = 11:54:55 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 5/29/2012 12:55:02 PM | Computer Name = DonWard-HP | Source = MCUpdate | ID = 0
Description = 12:55:02 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
404: The requested URL does not exist on the server. )

Error - 6/2/2012 3:52:11 PM | Computer Name = DonWard-HP | Source = MCUpdate | ID = 0
Description = 3:52:11 PM - Error connecting to the internet. 3:52:11 PM - Unable
to contact server..

Error - 6/2/2012 3:52:26 PM | Computer Name = DonWard-HP | Source = MCUpdate | ID = 0
Description = 3:52:16 PM - Error connecting to the internet. 3:52:16 PM - Unable
to contact server..

Error - 6/7/2012 12:57:30 PM | Computer Name = DonWard-HP | Source = MCUpdate | ID = 0
Description = 12:57:30 PM - Failed to retrieve dSM-2.cab (Error: HTTP status 400:
The server cannot process the request because the syntax is not valid. )

Error - 6/7/2012 1:07:50 PM | Computer Name = DonWard-HP | Source = MCUpdate | ID = 0
Description = 1:07:50 PM - Failed to retrieve SportsSchedule-2.enc (Error: HTTP
status 400: The server cannot process the request because the syntax is not valid.
)


Error - 6/7/2012 1:08:08 PM | Computer Name = DonWard-HP | Source = MCUpdate | ID = 0
Description = 1:08:08 PM - Failed to retrieve Broadband-2.enc (Error: HTTP status
400: The server cannot process the request because the syntax is not valid. )

Error - 6/12/2012 8:27:48 AM | Computer Name = DonWard-HP | Source = MCUpdate | ID = 0
Description = 8:27:46 AM - Error connecting to the internet. 8:27:46 AM - Unable
to contact server..

Error - 6/23/2012 11:26:20 AM | Computer Name = DonWard-HP | Source = MCUpdate | ID = 0
Description = 11:26:20 AM - Error connecting to the internet. 11:26:20 AM - Unable
to contact server..

Error - 6/23/2012 11:26:29 AM | Computer Name = DonWard-HP | Source = MCUpdate | ID = 0
Description = 11:26:26 AM - Error connecting to the internet. 11:26:26 AM - Unable
to contact server..

[ OSession Events ]
Error - 5/28/2011 3:32:42 PM | Computer Name = DonWard-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/10/2011 11:39:00 PM | Computer Name = DonWard-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/12/2011 11:50:26 AM | Computer Name = DonWard-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 42
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/14/2011 2:41:08 PM | Computer Name = DonWard-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 29
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/22/2011 9:47:07 PM | Computer Name = DonWard-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 707
seconds with 0 seconds of active time. This session ended with a crash.

Error - 12/5/2011 4:31:13 PM | Computer Name = DonWard-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 30
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/27/2012 11:11:39 AM | Computer Name = DonWard-HP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 94
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/16/2012 4:29:10 PM | Computer Name = DONWARD-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server
name or address could not be resolved

Error - 11/16/2012 4:29:10 PM | Computer Name = DONWARD-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server
name or address could not be resolved

Error - 11/16/2012 4:29:10 PM | Computer Name = DONWARD-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server
name or address could not be resolved

Error - 11/16/2012 4:29:10 PM | Computer Name = DONWARD-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server
name or address could not be resolved

Error - 11/16/2012 4:29:10 PM | Computer Name = DONWARD-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server
name or address could not be resolved

Error - 11/16/2012 4:29:10 PM | Computer Name = DONWARD-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server
name or address could not be resolved

Error - 11/16/2012 4:29:10 PM | Computer Name = DONWARD-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server
name or address could not be resolved

Error - 11/16/2012 4:29:10 PM | Computer Name = DONWARD-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server
name or address could not be resolved

Error - 11/16/2012 4:29:10 PM | Computer Name = DONWARD-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft....5D-99752CCA7094

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072ee7 Error description: The server
name or address could not be resolved

Error - 11/16/2012 4:34:11 PM | Computer Name = DONWARD-HP | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402c Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.


< End of report >

Combofix Report
ComboFix 12-11-16.02 - Don Ward 11/16/2012 15:44:09.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3856 [GMT -5:00]
Running from: c:\users\Don Ward\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Roaming
c:\windows\security\Database\tmp.edb
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))
.
.
2012-11-16 20:48 . 2012-11-16 20:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-06 03:16 . 2012-11-06 03:16 -------- d-----w- c:\program files (x86)\UAPick
2012-11-06 02:56 . 2012-11-06 02:56 -------- d-----w- c:\program files\Mobile Stream
2012-11-06 02:56 . 2012-10-28 19:22 20784 ----a-w- c:\windows\system32\drivers\easytthr.sys
2012-11-06 02:56 . 2012-11-06 02:56 -------- d-----w- c:\programdata\Package Cache
2012-10-24 21:37 . 2012-10-24 21:37 -------- d-----w- C:\73534f5037c0c4bb2c7f7bf6
2012-10-20 13:01 . 2012-10-20 13:01 -------- d-----w- C:\cfad15b7ff69dfb697f1208557276373
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 04:08 . 2011-05-07 16:20 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-21 00:19 . 2012-03-29 12:55 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 00:19 . 2011-05-14 14:27 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-30 07:27 . 2012-09-25 16:41 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FC93443-C5D4-4E8B-A2E0-1A27993EEB34}\mpengine.dll
2012-08-24 18:05 . 2012-09-25 16:39 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-25 16:39 1494528 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-09-25 16:39 134144 ----a-w- c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-09-25 16:39 9056256 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 18:03 . 2012-09-25 16:39 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 18:03 . 2012-09-25 16:39 735744 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 18:03 . 2012-09-25 16:39 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 18:02 . 2012-09-25 16:39 247808 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 18:02 . 2012-09-25 16:39 12295680 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 18:02 . 2012-09-25 16:39 2453504 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 16:57 . 2012-09-25 16:39 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 15:59 . 2012-09-25 16:39 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 15:20 . 2012-09-25 16:39 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-20 23:19 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-20 23:20 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-20 23:19 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-20 23:19 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-11-06 03:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
"EasyTether"="c:\program files\Mobile Stream\EasyTether\easytthr.exe" [2012-10-28 56360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-31 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-03-23 113288]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
TotalMedia Backup Monitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2011-5-6 331776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-09 47616]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-11 99384]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\DRIVERS\nwvmmdm.sys [2009-05-15 213376]
R3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\DRIVERS\nwvmser.sys [2009-05-15 213376]
R3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwvmser2.sys [2009-05-15 213376]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-11 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-07 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 87600]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-03-23 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-31 203776]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-07 249672]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-03-23 2413056]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-08-24 82432]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-11 31088]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2012-10-28 20784]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-12-17 12256512]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-03-23 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-03-23 208896]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-03-23 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 428136]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 21:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 00:19]
.
2012-11-16 c:\windows\Tasks\HPCeeScheduleForDon Ward.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-09-21 c:\windows\Tasks\HPCeeScheduleForDONWARD-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-17 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-17 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-17 418328]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-23 1128448]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - {1E866952-62EA-4161-B97D-4D228CEDF7A0} - c:\program files (x86)\UAPick\UABtn.dll
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 0.0.0.0
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\Don Ward\AppData\Roaming\Mozilla\Firefox\Profiles\fapywo1e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2011-05-18 16:20; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-16 15:51:28
ComboFix-quarantined-files.txt 2012-11-16 20:51
.
Pre-Run: 485,816,758,272 bytes free
Post-Run: 485,082,959,872 bytes free
.
- - End Of File - - 1A68F0E7E1153BEFA031A70DDFDB3F3D

TDSS report.... Note, my computer did go to the "Blue screen of death" when it restarted, but it did eventually reboot.

ComboFix 12-11-16.02 - Don Ward 11/16/2012 15:44:09.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3856 [GMT -5:00]
Running from: c:\users\Don Ward\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Roaming
c:\windows\security\Database\tmp.edb
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-16 to 2012-11-16 )))))))))))))))))))))))))))))))
.
.
2012-11-16 20:48 . 2012-11-16 20:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-06 03:16 . 2012-11-06 03:16 -------- d-----w- c:\program files (x86)\UAPick
2012-11-06 02:56 . 2012-11-06 02:56 -------- d-----w- c:\program files\Mobile Stream
2012-11-06 02:56 . 2012-10-28 19:22 20784 ----a-w- c:\windows\system32\drivers\easytthr.sys
2012-11-06 02:56 . 2012-11-06 02:56 -------- d-----w- c:\programdata\Package Cache
2012-10-24 21:37 . 2012-10-24 21:37 -------- d-----w- C:\73534f5037c0c4bb2c7f7bf6
2012-10-20 13:01 . 2012-10-20 13:01 -------- d-----w- C:\cfad15b7ff69dfb697f1208557276373
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 04:08 . 2011-05-07 16:20 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-21 00:19 . 2012-03-29 12:55 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 00:19 . 2011-05-14 14:27 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-30 07:27 . 2012-09-25 16:41 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1FC93443-C5D4-4E8B-A2E0-1A27993EEB34}\mpengine.dll
2012-08-24 18:05 . 2012-09-25 16:39 1188864 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 18:05 . 2012-09-25 16:39 1494528 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 18:05 . 2012-09-25 16:39 134144 ----a-w- c:\windows\system32\url.dll
2012-08-24 18:03 . 2012-09-25 16:39 9056256 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 18:03 . 2012-09-25 16:39 97792 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 18:03 . 2012-09-25 16:39 735744 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 18:03 . 2012-09-25 16:39 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 18:02 . 2012-09-25 16:39 247808 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 18:02 . 2012-09-25 16:39 12295680 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 18:02 . 2012-09-25 16:39 2453504 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 16:57 . 2012-09-25 16:39 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 15:59 . 2012-09-25 16:39 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 15:20 . 2012-09-25 16:39 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-20 23:19 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-20 23:20 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-20 23:19 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-20 23:19 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-11-06 03:04 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
"EasyTether"="c:\program files\Mobile Stream\EasyTether\easytthr.exe" [2012-10-28 56360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-12-31 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2012-03-23 113288]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
TotalMedia Backup Monitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe [2011-5-6 331776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2011-04-09 47616]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-05-11 99384]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NWVMModem;Virgin Mobile USB Modem Driver;c:\windows\system32\DRIVERS\nwvmmdm.sys [2009-05-15 213376]
R3 NWVMPort;Virgin Mobile USB Status Port Driver;c:\windows\system32\DRIVERS\nwvmser.sys [2009-05-15 213376]
R3 NWVMPort2;Virgin Mobile USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwvmser2.sys [2009-05-15 213376]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-05-11 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-07 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 87600]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2012-03-23 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-12-31 203776]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2010-12-07 249672]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-03-23 2413056]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2009-08-24 82432]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-11 31088]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2012-10-28 20784]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2010-12-17 12256512]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-03-23 91648]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-03-23 208896]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-03-23 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 428136]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 21:18 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 00:19]
.
2012-11-16 c:\windows\Tasks\HPCeeScheduleForDon Ward.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-09-21 c:\windows\Tasks\HPCeeScheduleForDONWARD-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-17 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-17 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-17 418328]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-03-23 1128448]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - {1E866952-62EA-4161-B97D-4D228CEDF7A0} - c:\program files (x86)\UAPick\UABtn.dll
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112 0.0.0.0
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\Don Ward\AppData\Roaming\Mozilla\Firefox\Profiles\fapywo1e.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: !HIDDEN! 2011-05-18 16:20; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-16 15:51:28
ComboFix-quarantined-files.txt 2012-11-16 20:51
.
Pre-Run: 485,816,758,272 bytes free
Post-Run: 485,082,959,872 bytes free
.
- - End Of File - - 1A68F0E7E1153BEFA031A70DDFDB3F3D
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you post the TDSSKIller report please .. It will be at C:\TDSSKIller date time
  • 0

#5
Firemedic828

Firemedic828

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Sorry... it looks like I posted the Combi report twice.... Here it is:

16:11:35.0896 7100 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:11:37.0300 7100 ============================================================
16:11:37.0300 7100 Current date / time: 2012/11/16 16:11:37.0300
16:11:37.0300 7100 SystemInfo:
16:11:37.0300 7100
16:11:37.0300 7100 OS Version: 6.1.7601 ServicePack: 1.0
16:11:37.0300 7100 Product type: Workstation
16:11:37.0300 7100 ComputerName: DONWARD-HP
16:11:37.0300 7100 UserName: Don Ward
16:11:37.0300 7100 Windows directory: C:\Windows
16:11:37.0300 7100 System windows directory: C:\Windows
16:11:37.0300 7100 Running under WOW64
16:11:37.0300 7100 Processor architecture: Intel x64
16:11:37.0300 7100 Number of processors: 8
16:11:37.0300 7100 Page size: 0x1000
16:11:37.0300 7100 Boot type: Normal boot
16:11:37.0300 7100 ============================================================
16:11:37.0643 7100 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:11:37.0643 7100 Drive \Device\Harddisk1\DR1 - Size: 0x79100000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:11:37.0643 7100 ============================================================
16:11:37.0643 7100 \Device\Harddisk0\DR0:
16:11:37.0643 7100 MBR partitions:
16:11:37.0643 7100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
16:11:37.0643 7100 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x4863C800
16:11:37.0643 7100 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x486A0800, BlocksNum 0x2183800
16:11:37.0643 7100 \Device\Harddisk1\DR1:
16:11:37.0643 7100 MBR partitions:
16:11:37.0643 7100 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x6, StartLBA 0x1F80, BlocksNum 0x3C6880
16:11:37.0643 7100 ============================================================
16:11:37.0706 7100 C: <-> \Device\Harddisk0\DR0\Partition2
16:11:37.0752 7100 D: <-> \Device\Harddisk0\DR0\Partition3
16:11:37.0752 7100 ============================================================
16:11:37.0752 7100 Initialize success
16:11:37.0752 7100 ============================================================
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
How is the computer running now ?

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
  • 0

#7
Firemedic828

Firemedic828

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Sorry, I was at work with the fire dept on saturday and can't normally go online. The computer seemed like it was running fine. I did notice when I started up the machine on Sunday, after shutting it down for the night Friday, that a DOS window popped up quickly and then went away. After i reinstalled Microsoft Security essentials, it scanned and found that same Aleuron virus and wanted to do the same thing again (clean, restart, and then run defender offline). i have not run the Malwarebytes yet, but I will do that this morning when the kids settle down for their nap.
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No could you re-run TDSSKiller please and allow it to update if requested
  • 0

#9
Firemedic828

Firemedic828

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I ran the TDSS again. It did not ask to update. When it restarted to "cure" what it found, it went to the "Blue screen of death". Here is the report:

13:07:22.0419 9436 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:07:22.0739 9436 ============================================================
13:07:22.0739 9436 Current date / time: 2012/11/19 13:07:22.0739
13:07:22.0739 9436 SystemInfo:
13:07:22.0739 9436
13:07:22.0739 9436 OS Version: 6.1.7601 ServicePack: 1.0
13:07:22.0739 9436 Product type: Workstation
13:07:22.0739 9436 ComputerName: DONWARD-HP
13:07:22.0739 9436 UserName: Don Ward
13:07:22.0739 9436 Windows directory: C:\Windows
13:07:22.0739 9436 System windows directory: C:\Windows
13:07:22.0739 9436 Running under WOW64
13:07:22.0739 9436 Processor architecture: Intel x64
13:07:22.0739 9436 Number of processors: 8
13:07:22.0739 9436 Page size: 0x1000
13:07:22.0739 9436 Boot type: Normal boot
13:07:22.0739 9436 ============================================================
13:07:23.0079 9436 BG loaded
13:07:23.0489 9436 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:07:23.0499 9436 Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:07:23.0499 9436 ============================================================
13:07:23.0499 9436 \Device\Harddisk0\DR0:
13:07:23.0509 9436 MBR partitions:
13:07:23.0509 9436 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
13:07:23.0509 9436 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x4863C800
13:07:23.0509 9436 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x486A0800, BlocksNum 0x2183800
13:07:23.0509 9436 \Device\Harddisk1\DR1:
13:07:23.0509 9436 MBR partitions:
13:07:23.0509 9436 ============================================================
13:07:23.0579 9436 C: <-> \Device\Harddisk0\DR0\Partition2
13:07:23.0699 9436 D: <-> \Device\Harddisk0\DR0\Partition3
13:07:23.0699 9436 ============================================================
13:07:23.0699 9436 Initialize success
13:07:23.0699 9436 ============================================================
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm that report is not the full one, there should be a larger one at C:\TDSSKiller date time could you locate that for me.. It should also list all drivers
  • 0

Advertisements


#11
Firemedic828

Firemedic828

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Is this the one?

11:40:17.0949 5696 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:40:18.0499 5696 ============================================================
11:40:18.0499 5696 Current date / time: 2012/11/19 11:40:18.0499
11:40:18.0499 5696 SystemInfo:
11:40:18.0499 5696
11:40:18.0499 5696 OS Version: 6.1.7601 ServicePack: 1.0
11:40:18.0499 5696 Product type: Workstation
11:40:18.0499 5696 ComputerName: DONWARD-HP
11:40:18.0499 5696 UserName: Don Ward
11:40:18.0499 5696 Windows directory: C:\Windows
11:40:18.0499 5696 System windows directory: C:\Windows
11:40:18.0499 5696 Running under WOW64
11:40:18.0499 5696 Processor architecture: Intel x64
11:40:18.0499 5696 Number of processors: 8
11:40:18.0499 5696 Page size: 0x1000
11:40:18.0499 5696 Boot type: Normal boot
11:40:18.0499 5696 ============================================================
11:40:18.0772 5696 BG loaded
11:40:19.0162 5696 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:40:19.0178 5696 ============================================================
11:40:19.0178 5696 \Device\Harddisk0\DR0:
11:40:19.0178 5696 MBR partitions:
11:40:19.0178 5696 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:40:19.0178 5696 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x4863C800
11:40:19.0178 5696 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x486A0800, BlocksNum 0x2183800
11:40:19.0178 5696 ============================================================
11:40:19.0224 5696 C: <-> \Device\Harddisk0\DR0\Partition2
11:40:19.0349 5696 D: <-> \Device\Harddisk0\DR0\Partition3
11:40:19.0349 5696 ============================================================
11:40:19.0349 5696 Initialize success
11:40:19.0349 5696 ============================================================
11:40:27.0836 4752 ============================================================
11:40:27.0836 4752 Scan started
11:40:27.0836 4752 Mode: Manual;
11:40:27.0836 4752 ============================================================
11:40:46.0540 4752 ================ Scan system memory ========================
11:40:46.0540 4752 System memory - ok
11:40:46.0540 4752 ================ Scan services =============================
11:40:49.0722 4752 02158810 - ok
11:40:49.0941 4752 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
11:40:50.0019 4752 1394ohci - ok
11:40:50.0159 4752 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
11:40:50.0159 4752 Accelerometer - ok
11:40:50.0799 4752 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
11:40:50.0799 4752 ACDaemon - ok
11:40:50.0970 4752 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
11:40:50.0986 4752 ACPI - ok
11:40:51.0095 4752 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
11:40:51.0111 4752 AcpiPmi - ok
11:40:52.0265 4752 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:40:52.0265 4752 AdobeARMservice - ok
11:40:56.0087 4752 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:40:56.0103 4752 AdobeFlashPlayerUpdateSvc - ok
11:40:56.0836 4752 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
11:40:56.0867 4752 adp94xx - ok
11:40:57.0195 4752 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
11:40:57.0257 4752 adpahci - ok
11:40:57.0429 4752 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
11:40:57.0429 4752 adpu320 - ok
11:40:57.0554 4752 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
11:40:57.0554 4752 AeLookupSvc - ok
11:40:58.0521 4752 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
11:40:58.0521 4752 AESTFilters - ok
11:40:58.0973 4752 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
11:40:58.0989 4752 AFD - ok
11:40:59.0145 4752 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
11:40:59.0176 4752 agp440 - ok
11:40:59.0472 4752 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
11:40:59.0472 4752 ALG - ok
11:40:59.0784 4752 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
11:40:59.0800 4752 aliide - ok
11:41:00.0206 4752 [ 263570714AC4CF41208E647C77BD2A63 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
11:41:00.0206 4752 AMD External Events Utility - ok
11:41:00.0642 4752 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
11:41:00.0658 4752 amdide - ok
11:41:00.0939 4752 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
11:41:00.0986 4752 AmdK8 - ok
11:41:02.0936 4752 [ 0EEAFB005D334910BB0AEE1941351B1E ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
11:41:02.0967 4752 amdkmdag - ok
11:41:03.0372 4752 [ 65F58CFB0BFDCEBEAE0164BB037545A8 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
11:41:03.0372 4752 amdkmdap - ok
11:41:03.0435 4752 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
11:41:03.0466 4752 AmdPPM - ok
11:41:03.0965 4752 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
11:41:03.0981 4752 amdsata - ok
11:41:04.0121 4752 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
11:41:04.0137 4752 amdsbs - ok
11:41:04.0152 4752 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
11:41:04.0184 4752 amdxata - ok
11:41:04.0496 4752 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
11:41:04.0511 4752 AMPPAL - ok
11:41:04.0854 4752 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
11:41:04.0870 4752 AppID - ok
11:41:04.0932 4752 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
11:41:04.0948 4752 AppIDSvc - ok
11:41:05.0042 4752 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
11:41:05.0042 4752 Appinfo - ok
11:41:06.0898 4752 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
11:41:06.0914 4752 arc - ok
11:41:07.0132 4752 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
11:41:07.0163 4752 arcsas - ok
11:41:08.0006 4752 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
11:41:08.0021 4752 AsyncMac - ok
11:41:08.0177 4752 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
11:41:08.0193 4752 atapi - ok
11:41:08.0801 4752 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
11:41:08.0801 4752 AudioEndpointBuilder - ok
11:41:08.0864 4752 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
11:41:08.0879 4752 AudioSrv - ok
11:41:09.0176 4752 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
11:41:09.0176 4752 AxInstSV - ok
11:41:09.0846 4752 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
11:41:09.0862 4752 b06bdrv - ok
11:41:11.0094 4752 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
11:41:11.0172 4752 b57nd60a - ok
11:41:11.0625 4752 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
11:41:11.0625 4752 BDESVC - ok
11:41:11.0843 4752 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
11:41:11.0843 4752 Beep - ok
11:41:13.0138 4752 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
11:41:13.0138 4752 BFE - ok
11:41:13.0949 4752 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
11:41:13.0949 4752 BITS - ok
11:41:14.0058 4752 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
11:41:14.0058 4752 blbdrive - ok
11:41:14.0417 4752 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
11:41:14.0417 4752 bowser - ok
11:41:14.0480 4752 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:41:14.0495 4752 BrFiltLo - ok
11:41:14.0573 4752 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:41:14.0589 4752 BrFiltUp - ok
11:41:15.0369 4752 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
11:41:15.0384 4752 BridgeMP - ok
11:41:15.0603 4752 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
11:41:15.0603 4752 Browser - ok
11:41:15.0806 4752 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
11:41:15.0821 4752 Brserid - ok
11:41:15.0884 4752 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
11:41:15.0899 4752 BrSerWdm - ok
11:41:16.0008 4752 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
11:41:16.0024 4752 BrUsbMdm - ok
11:41:16.0071 4752 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
11:41:16.0086 4752 BrUsbSer - ok
11:41:16.0695 4752 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
11:41:16.0695 4752 BthEnum - ok
11:41:16.0851 4752 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
11:41:16.0851 4752 BTHMODEM - ok
11:41:16.0913 4752 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
11:41:16.0913 4752 BthPan - ok
11:41:17.0210 4752 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
11:41:17.0210 4752 BTHPORT - ok
11:41:17.0506 4752 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
11:41:17.0522 4752 bthserv - ok
11:41:17.0756 4752 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
11:41:17.0756 4752 BTHUSB - ok
11:41:17.0943 4752 [ 7A2CE8C1BF4DAA1F2766E21E9CA11078 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
11:41:17.0943 4752 btwampfl - ok
11:41:18.0005 4752 [ A75BF6802A967F5AACECC3C67FEBDF55 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
11:41:18.0005 4752 btwaudio - ok
11:41:18.0470 4752 [ D895DC213EDBDA5FCC53AAD1F1E0E63B ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
11:41:18.0470 4752 btwavdt - ok
11:41:18.0980 4752 [ 692F8648D7686D91E34A65AC698019D8 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
11:41:18.0980 4752 btwdins - ok
11:41:19.0430 4752 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
11:41:19.0440 4752 btwl2cap - ok
11:41:19.0530 4752 [ 6D7AA2BDE0135599C5F230D69DB3B420 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
11:41:19.0530 4752 btwrchid - ok
11:41:22.0690 4752 catchme - ok
11:41:22.0920 4752 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
11:41:22.0930 4752 cdfs - ok
11:41:23.0900 4752 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
11:41:23.0900 4752 cdrom - ok
11:41:24.0210 4752 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
11:41:24.0210 4752 CertPropSvc - ok
11:41:24.0330 4752 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
11:41:24.0340 4752 circlass - ok
11:41:24.0490 4752 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
11:41:24.0490 4752 CLFS - ok
11:41:25.0040 4752 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:41:25.0050 4752 clr_optimization_v2.0.50727_32 - ok
11:41:25.0550 4752 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:41:25.0560 4752 clr_optimization_v2.0.50727_64 - ok
11:41:26.0100 4752 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:41:26.0100 4752 clr_optimization_v4.0.30319_32 - ok
11:41:26.0460 4752 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:41:26.0460 4752 clr_optimization_v4.0.30319_64 - ok
11:41:26.0880 4752 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
11:41:26.0890 4752 clwvd - ok
11:41:26.0970 4752 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
11:41:26.0970 4752 CmBatt - ok
11:41:27.0520 4752 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
11:41:27.0970 4752 cmdide - ok
11:41:28.0830 4752 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
11:41:28.0850 4752 CNG - ok
11:41:29.0080 4752 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
11:41:29.0100 4752 Compbatt - ok
11:41:29.0350 4752 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
11:41:29.0350 4752 CompositeBus - ok
11:41:29.0810 4752 COMSysApp - ok
11:41:29.0910 4752 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
11:41:29.0920 4752 crcdisk - ok
11:41:30.0130 4752 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
11:41:30.0130 4752 CryptSvc - ok
11:41:30.0360 4752 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
11:41:30.0360 4752 ctxusbm - ok
11:41:30.0760 4752 [ 15C2AFD86D8A58354FC100434C78B621 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
11:41:30.0820 4752 dc3d - ok
11:41:31.0100 4752 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
11:41:31.0100 4752 DcomLaunch - ok
11:41:31.0420 4752 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
11:41:31.0420 4752 defragsvc - ok
11:41:31.0610 4752 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
11:41:31.0610 4752 DfsC - ok
11:41:32.0010 4752 [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
11:41:32.0070 4752 dg_ssudbus - ok
11:41:32.0600 4752 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
11:41:32.0600 4752 Dhcp - ok
11:41:32.0800 4752 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
11:41:32.0800 4752 discache - ok
11:41:33.0110 4752 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
11:41:33.0120 4752 Disk - ok
11:41:33.0310 4752 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
11:41:33.0310 4752 Dnscache - ok
11:41:33.0440 4752 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
11:41:33.0440 4752 dot3svc - ok
11:41:33.0560 4752 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
11:41:33.0560 4752 DPS - ok
11:41:33.0700 4752 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
11:41:33.0710 4752 drmkaud - ok
11:41:33.0940 4752 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
11:41:33.0950 4752 DXGKrnl - ok
11:41:34.0110 4752 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
11:41:34.0110 4752 EapHost - ok
11:41:34.0650 4752 [ 3C9BE677ACA31AF8F2B7E5270B2BEED3 ] easytether C:\Windows\system32\DRIVERS\easytthr.sys
11:41:34.0650 4752 easytether - ok
11:41:34.0930 4752 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
11:41:35.0010 4752 ebdrv - ok
11:41:35.0200 4752 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
11:41:35.0200 4752 EFS - ok
11:41:35.0550 4752 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
11:41:35.0560 4752 ehRecvr - ok
11:41:35.0630 4752 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
11:41:35.0630 4752 ehSched - ok
11:41:36.0200 4752 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
11:41:36.0230 4752 elxstor - ok
11:41:36.0300 4752 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
11:41:36.0310 4752 ErrDev - ok
11:41:36.0580 4752 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
11:41:36.0740 4752 EventSystem - ok
11:41:38.0160 4752 [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
11:41:38.0160 4752 EvtEng - ok
11:41:38.0330 4752 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
11:41:38.0340 4752 exfat - ok
11:41:38.0430 4752 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
11:41:38.0430 4752 fastfat - ok
11:41:38.0710 4752 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
11:41:38.0720 4752 Fax - ok
11:41:39.0120 4752 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
11:41:39.0130 4752 fdc - ok
11:41:39.0370 4752 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
11:41:39.0370 4752 fdPHost - ok
11:41:39.0440 4752 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
11:41:39.0440 4752 FDResPub - ok
11:41:39.0530 4752 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
11:41:39.0530 4752 FileInfo - ok
11:41:39.0570 4752 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
11:41:39.0570 4752 Filetrace - ok
11:41:39.0680 4752 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
11:41:39.0700 4752 flpydisk - ok
11:41:39.0830 4752 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
11:41:39.0830 4752 FltMgr - ok
11:41:39.0940 4752 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
11:41:39.0950 4752 FontCache - ok
11:41:40.0380 4752 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:41:40.0380 4752 FontCache3.0.0.0 - ok
11:41:41.0140 4752 [ CDC54DB949D1E2BBF86B0C7AB86B912E ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
11:41:41.0140 4752 FPLService - ok
11:41:41.0190 4752 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
11:41:41.0190 4752 FsDepends - ok
11:41:41.0220 4752 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
11:41:41.0240 4752 Fs_Rec - ok
11:41:41.0540 4752 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
11:41:41.0540 4752 fvevol - ok
11:41:41.0670 4752 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
11:41:41.0690 4752 gagp30kx - ok
11:41:41.0970 4752 [ D154305DE6090E6E84E525F84BB08A06 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
11:41:42.0010 4752 GameConsoleService - ok
11:41:42.0170 4752 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
11:41:42.0170 4752 gpsvc - ok
11:41:42.0530 4752 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:41:42.0550 4752 gusvc - ok
11:41:42.0630 4752 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
11:41:42.0660 4752 hcw85cir - ok
11:41:42.0810 4752 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
11:41:42.0820 4752 HdAudAddService - ok
11:41:42.0930 4752 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
11:41:42.0930 4752 HDAudBus - ok
11:41:42.0950 4752 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
11:41:42.0970 4752 HidBatt - ok
11:41:43.0060 4752 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
11:41:43.0080 4752 HidBth - ok
11:41:43.0161 4752 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
11:41:43.0208 4752 HidIr - ok
11:41:43.0473 4752 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
11:41:43.0473 4752 hidserv - ok
11:41:43.0707 4752 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
11:41:43.0723 4752 HidUsb - ok
11:41:43.0769 4752 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
11:41:43.0816 4752 hkmsvc - ok
11:41:43.0941 4752 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
11:41:43.0941 4752 HomeGroupListener - ok
11:41:44.0019 4752 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
11:41:44.0019 4752 HomeGroupProvider - ok
11:41:44.0393 4752 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
11:41:44.0393 4752 HP Support Assistant Service - ok
11:41:44.0690 4752 [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
11:41:44.0690 4752 HP Wireless Assistant Service - ok
11:41:44.0861 4752 [ 3DC11A802353401332D49C3CBFBBE5FC ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
11:41:44.0861 4752 HPClientSvc - ok
11:41:44.0924 4752 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
11:41:44.0924 4752 hpdskflt - ok
11:41:45.0938 4752 [ 97AAC45A375168C6A2297BEEB9692E31 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
11:41:45.0938 4752 hpqcxs08 - ok
11:41:46.0063 4752 [ 19A4FB67B1C97EA18EDFF44340973CD9 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
11:41:46.0063 4752 hpqddsvc - ok
11:41:46.0390 4752 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
11:41:46.0390 4752 hpqwmiex - ok
11:41:46.0546 4752 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
11:41:46.0562 4752 HpSAMD - ok
11:41:46.0905 4752 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
11:41:46.0905 4752 HPSLPSVC - ok
11:41:46.0967 4752 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
11:41:46.0967 4752 hpsrv - ok
11:41:47.0139 4752 [ F630DD7564EBB7248A13B1CC774D9EA6 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
11:41:47.0139 4752 HPWMISVC - ok
11:41:47.0357 4752 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
11:41:47.0357 4752 HTTP - ok
11:41:47.0420 4752 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
11:41:47.0420 4752 hwpolicy - ok
11:41:47.0560 4752 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
11:41:47.0560 4752 i8042prt - ok
11:41:47.0747 4752 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
11:41:47.0747 4752 iaStor - ok
11:41:48.0044 4752 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
11:41:48.0044 4752 IAStorDataMgrSvc - ok
11:41:48.0153 4752 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
11:41:48.0184 4752 iaStorV - ok
11:41:49.0011 4752 [ D72BF0AE484F88399E8343E821C10D6A ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
11:41:49.0011 4752 IconMan_R - ok
11:41:49.0354 4752 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:41:49.0370 4752 idsvc - ok
11:41:52.0318 4752 [ 8CB8667F5A3B5515F2585F3254F3AAF7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
11:41:52.0568 4752 igfx - ok
11:41:52.0599 4752 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
11:41:52.0630 4752 iirsp - ok
11:41:52.0880 4752 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
11:41:52.0880 4752 IKEEXT - ok
11:41:53.0067 4752 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
11:41:53.0067 4752 IntcDAud - ok
11:41:53.0098 4752 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
11:41:53.0114 4752 intelide - ok
11:41:55.0688 4752 [ 8CB8667F5A3B5515F2585F3254F3AAF7 ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
11:41:55.0735 4752 intelkmd - ok
11:41:55.0797 4752 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
11:41:55.0797 4752 intelppm - ok
11:41:55.0828 4752 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
11:41:55.0828 4752 IPBusEnum - ok
11:41:55.0906 4752 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:41:55.0922 4752 IpFilterDriver - ok
11:41:56.0109 4752 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
11:41:56.0109 4752 iphlpsvc - ok
11:41:56.0171 4752 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
11:41:56.0187 4752 IPMIDRV - ok
11:41:56.0203 4752 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
11:41:56.0234 4752 IPNAT - ok
11:41:56.0296 4752 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
11:41:56.0296 4752 IRENUM - ok
11:41:56.0405 4752 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
11:41:56.0405 4752 isapnp - ok
11:41:56.0468 4752 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
11:41:56.0483 4752 iScsiPrt - ok
11:41:56.0577 4752 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
11:41:56.0577 4752 kbdclass - ok
11:41:56.0655 4752 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
11:41:56.0655 4752 kbdhid - ok
11:41:56.0795 4752 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
11:41:56.0795 4752 KeyIso - ok
11:41:56.0858 4752 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
11:41:56.0873 4752 KSecDD - ok
11:41:56.0951 4752 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
11:41:56.0951 4752 KSecPkg - ok
11:41:56.0998 4752 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
11:41:56.0998 4752 ksthunk - ok
11:41:57.0029 4752 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
11:41:57.0029 4752 KtmRm - ok
11:41:57.0154 4752 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
11:41:57.0170 4752 LanmanServer - ok
11:41:57.0263 4752 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
11:41:57.0263 4752 LanmanWorkstation - ok
11:41:57.0404 4752 [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
11:41:57.0419 4752 LightScribeService - ok
11:41:57.0529 4752 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
11:41:57.0529 4752 lltdio - ok
11:41:57.0607 4752 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
11:41:57.0622 4752 lltdsvc - ok
11:41:57.0700 4752 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
11:41:57.0700 4752 lmhosts - ok
11:41:57.0919 4752 [ C463A25F01C6237295917417C5E9E344 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
11:41:57.0919 4752 LMS - ok
11:41:57.0997 4752 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
11:41:57.0997 4752 LSI_FC - ok
11:41:58.0043 4752 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
11:41:58.0043 4752 LSI_SAS - ok
11:41:58.0106 4752 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:41:58.0106 4752 LSI_SAS2 - ok
11:41:58.0137 4752 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:41:58.0153 4752 LSI_SCSI - ok
11:41:58.0215 4752 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
11:41:58.0215 4752 luafv - ok
11:41:58.0277 4752 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
11:41:58.0277 4752 Mcx2Svc - ok
11:41:58.0324 4752 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
11:41:58.0324 4752 megasas - ok
11:41:58.0433 4752 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
11:41:58.0449 4752 MegaSR - ok
11:41:58.0527 4752 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
11:41:58.0527 4752 MEIx64 - ok
11:41:58.0652 4752 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
11:41:58.0652 4752 Microsoft Office Groove Audit Service - ok
11:41:58.0683 4752 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
11:41:58.0683 4752 MMCSS - ok
11:41:58.0714 4752 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
11:41:58.0714 4752 Modem - ok
11:41:58.0745 4752 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
11:41:58.0745 4752 monitor - ok
11:41:58.0839 4752 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
11:41:58.0839 4752 mouclass - ok
11:41:59.0011 4752 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
11:41:59.0026 4752 mouhid - ok
11:41:59.0135 4752 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
11:41:59.0135 4752 mountmgr - ok
11:41:59.0198 4752 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
11:41:59.0198 4752 mpio - ok
11:41:59.0229 4752 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
11:41:59.0229 4752 mpsdrv - ok
11:41:59.0276 4752 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
11:41:59.0276 4752 MpsSvc - ok
11:41:59.0338 4752 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
11:41:59.0354 4752 MRxDAV - ok
11:41:59.0432 4752 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
11:41:59.0432 4752 mrxsmb - ok
11:41:59.0510 4752 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:41:59.0510 4752 mrxsmb10 - ok
11:41:59.0525 4752 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:41:59.0525 4752 mrxsmb20 - ok
11:41:59.0572 4752 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
11:41:59.0588 4752 msahci - ok
11:41:59.0603 4752 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
11:41:59.0603 4752 msdsm - ok
11:41:59.0635 4752 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
11:41:59.0635 4752 MSDTC - ok
11:41:59.0681 4752 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
11:41:59.0681 4752 Msfs - ok
11:41:59.0697 4752 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
11:41:59.0697 4752 mshidkmdf - ok
11:41:59.0744 4752 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
11:41:59.0744 4752 msisadrv - ok
11:41:59.0775 4752 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
11:41:59.0806 4752 MSiSCSI - ok
11:41:59.0806 4752 msiserver - ok
11:41:59.0837 4752 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
11:41:59.0837 4752 MSKSSRV - ok
11:41:59.0869 4752 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
11:41:59.0869 4752 MSPCLOCK - ok
11:41:59.0869 4752 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
11:41:59.0869 4752 MSPQM - ok
11:41:59.0978 4752 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
11:42:00.0009 4752 MsRPC - ok
11:42:00.0056 4752 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
11:42:00.0056 4752 mssmbios - ok
11:42:00.0196 4752 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
11:42:00.0196 4752 MSTEE - ok
11:42:00.0274 4752 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
11:42:00.0274 4752 MTConfig - ok
11:42:00.0321 4752 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
11:42:00.0321 4752 Mup - ok
11:42:00.0586 4752 [ 8F57DB74BF5407A4CDA6C8B005DC8DD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
11:42:00.0602 4752 MyWiFiDHCPDNS - ok
11:42:00.0649 4752 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
11:42:00.0649 4752 napagent - ok
11:42:00.0883 4752 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
11:42:00.0883 4752 NativeWifiP - ok
11:42:01.0257 4752 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
11:42:01.0257 4752 NDIS - ok
11:42:01.0319 4752 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
11:42:01.0351 4752 NdisCap - ok
11:42:01.0382 4752 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
11:42:01.0397 4752 NdisTapi - ok
11:42:01.0460 4752 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
11:42:01.0460 4752 Ndisuio - ok
11:42:01.0616 4752 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
11:42:01.0616 4752 NdisWan - ok
11:42:01.0772 4752 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
11:42:01.0772 4752 NDProxy - ok
11:42:01.0881 4752 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
11:42:01.0881 4752 Net Driver HPZ12 - ok
11:42:02.0021 4752 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
11:42:02.0021 4752 NetBIOS - ok
11:42:02.0084 4752 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
11:42:02.0084 4752 NetBT - ok
11:42:02.0770 4752 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
11:42:02.0770 4752 Netlogon - ok
11:42:03.0457 4752 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
11:42:03.0457 4752 Netman - ok
11:42:03.0550 4752 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
11:42:03.0550 4752 netprofm - ok
11:42:03.0628 4752 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:42:03.0628 4752 NetTcpPortSharing - ok
11:42:05.0017 4752 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
11:42:05.0235 4752 netw5v64 - ok
11:42:07.0138 4752 [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
11:42:07.0169 4752 NETwNs64 - ok
11:42:07.0279 4752 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:42:07.0294 4752 nfrd960 - ok
11:42:07.0435 4752 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:42:07.0435 4752 NlaSvc - ok
11:42:07.0466 4752 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:42:07.0466 4752 Npfs - ok
11:42:07.0513 4752 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:42:07.0513 4752 nsi - ok
11:42:07.0528 4752 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:42:07.0528 4752 nsiproxy - ok
11:42:08.0027 4752 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:42:08.0059 4752 Ntfs - ok
11:42:08.0199 4752 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
11:42:08.0215 4752 NuidFltr - ok
11:42:08.0277 4752 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:42:08.0277 4752 Null - ok
11:42:08.0402 4752 [ 9A33100AC62A0463C49E47EE8E77083A ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
11:42:08.0402 4752 nusb3hub - ok
11:42:08.0480 4752 [ 87C321F7BEE646B7EC6EEDD6EB725741 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
11:42:08.0480 4752 nusb3xhc - ok
11:42:08.0558 4752 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:42:08.0573 4752 nvraid - ok
11:42:08.0683 4752 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:42:08.0714 4752 nvstor - ok
11:42:08.0854 4752 [ 23E6A6A7D4930B70D9FFFD371450EF1C ] NvtlService C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
11:42:08.0854 4752 NvtlService - ok
11:42:08.0932 4752 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:42:08.0948 4752 nv_agp - ok
11:42:09.0041 4752 [ A3FADCF96ABF4803E7A946CD48641AC3 ] NWVMModem C:\Windows\system32\DRIVERS\nwvmmdm.sys
11:42:09.0041 4752 NWVMModem - ok
11:42:09.0166 4752 [ A3FADCF96ABF4803E7A946CD48641AC3 ] NWVMPort C:\Windows\system32\DRIVERS\nwvmser.sys
11:42:09.0182 4752 NWVMPort - ok
11:42:09.0244 4752 [ A3FADCF96ABF4803E7A946CD48641AC3 ] NWVMPort2 C:\Windows\system32\DRIVERS\nwvmser2.sys
11:42:09.0260 4752 NWVMPort2 - ok
11:42:09.0541 4752 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:42:09.0556 4752 odserv - ok
11:42:09.0587 4752 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:42:09.0619 4752 ohci1394 - ok
11:42:09.0806 4752 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:42:09.0837 4752 ose - ok
11:42:09.0946 4752 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:42:09.0946 4752 p2pimsvc - ok
11:42:10.0024 4752 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:42:10.0024 4752 p2psvc - ok
11:42:10.0149 4752 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:42:10.0149 4752 Parport - ok
11:42:10.0196 4752 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:42:10.0196 4752 partmgr - ok
11:42:10.0243 4752 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:42:10.0243 4752 PcaSvc - ok
11:42:10.0274 4752 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:42:10.0289 4752 pci - ok
11:42:10.0321 4752 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:42:10.0352 4752 pciide - ok
11:42:10.0383 4752 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:42:10.0399 4752 pcmcia - ok
11:42:10.0430 4752 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:42:10.0430 4752 pcw - ok
11:42:10.0570 4752 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:42:10.0570 4752 PEAUTH - ok
11:42:11.0444 4752 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:42:11.0444 4752 PerfHost - ok
11:42:11.0709 4752 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:42:11.0709 4752 pla - ok
11:42:12.0723 4752 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:42:12.0739 4752 PlugPlay - ok
11:42:12.0848 4752 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
11:42:12.0848 4752 Pml Driver HPZ12 - ok
11:42:12.0957 4752 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:42:12.0957 4752 PNRPAutoReg - ok
11:42:13.0066 4752 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:42:13.0066 4752 PNRPsvc - ok
11:42:13.0160 4752 [ 33328FA8A580885AB0065BE6DB266E9F ] Point64 C:\Windows\system32\DRIVERS\point64.sys
11:42:13.0175 4752 Point64 - ok
11:42:13.0269 4752 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:42:13.0269 4752 PolicyAgent - ok
11:42:13.0378 4752 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:42:13.0378 4752 Power - ok
11:42:13.0456 4752 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:42:13.0456 4752 PptpMiniport - ok
11:42:13.0519 4752 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:42:13.0534 4752 Processor - ok
11:42:13.0628 4752 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:42:13.0628 4752 ProfSvc - ok
11:42:13.0628 4752 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:42:13.0628 4752 ProtectedStorage - ok
11:42:14.0080 4752 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:42:14.0080 4752 Psched - ok
11:42:14.0283 4752 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:42:14.0314 4752 ql2300 - ok
11:42:14.0345 4752 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:42:14.0377 4752 ql40xx - ok
11:42:14.0501 4752 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:42:14.0517 4752 QWAVE - ok
11:42:14.0564 4752 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:42:14.0564 4752 QWAVEdrv - ok
11:42:14.0595 4752 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:42:14.0611 4752 RasAcd - ok
11:42:14.0657 4752 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:42:14.0657 4752 RasAgileVpn - ok
11:42:14.0782 4752 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:42:14.0782 4752 RasAuto - ok
11:42:14.0876 4752 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:42:14.0876 4752 Rasl2tp - ok
11:42:14.0969 4752 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:42:14.0969 4752 RasMan - ok
11:42:15.0032 4752 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:42:15.0032 4752 RasPppoe - ok
11:42:15.0063 4752 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:42:15.0063 4752 RasSstp - ok
11:42:15.0157 4752 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:42:15.0157 4752 rdbss - ok
11:42:15.0188 4752 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:42:15.0188 4752 rdpbus - ok
11:42:15.0391 4752 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:42:15.0391 4752 RDPCDD - ok
11:42:15.0484 4752 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:42:15.0484 4752 RDPENCDD - ok
11:42:15.0531 4752 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:42:15.0531 4752 RDPREFMP - ok
11:42:15.0609 4752 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:42:15.0609 4752 RDPWD - ok
11:42:15.0687 4752 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:42:15.0687 4752 rdyboost - ok
11:42:16.0030 4752 [ FD11C1287D38A46FB72353E14D50089C ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
11:42:16.0046 4752 RegSrvc - ok
11:42:16.0077 4752 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:42:16.0077 4752 RemoteAccess - ok
11:42:16.0139 4752 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:42:16.0139 4752 RemoteRegistry - ok
11:42:16.0342 4752 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
11:42:16.0342 4752 RFCOMM - ok
11:42:16.0436 4752 [ 71B48DDAF5E9C2B40E64DE5C405F5AAC ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
11:42:16.0451 4752 RimUsb - ok
11:42:16.0529 4752 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
11:42:16.0529 4752 RimVSerPort - ok
11:42:16.0592 4752 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
11:42:16.0592 4752 ROOTMODEM - ok
11:42:16.0779 4752 [ C1568E17039B2EC2B73A4F880DDD51E5 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
11:42:16.0779 4752 RoxioNow Service - ok
11:42:16.0841 4752 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:42:16.0841 4752 RpcEptMapper - ok
11:42:16.0888 4752 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:42:16.0888 4752 RpcLocator - ok
11:42:17.0029 4752 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
11:42:17.0029 4752 RpcSs - ok
11:42:17.0169 4752 [ 1F5E7AF59B390261A85F5BEDB1BB88B3 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
11:42:17.0169 4752 RSPCIESTOR - ok
11:42:17.0247 4752 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:42:17.0247 4752 rspndr - ok
11:42:17.0465 4752 [ ED5873F7DFB2F96D37F13322211B6BDC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
11:42:17.0465 4752 RTL8167 - ok
11:42:17.0512 4752 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:42:17.0512 4752 SamSs - ok
11:42:17.0543 4752 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:42:17.0559 4752 sbp2port - ok
11:42:17.0621 4752 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:42:17.0621 4752 SCardSvr - ok
11:42:17.0653 4752 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:42:17.0653 4752 scfilter - ok
11:42:17.0933 4752 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:42:17.0933 4752 Schedule - ok
11:42:17.0965 4752 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:42:17.0980 4752 SCPolicySvc - ok
11:42:18.0089 4752 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
11:42:18.0105 4752 sdbus - ok
11:42:18.0183 4752 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:42:18.0183 4752 SDRSVC - ok
11:42:18.0573 4752 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:42:18.0573 4752 secdrv - ok
11:42:18.0682 4752 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:42:18.0682 4752 seclogon - ok
11:42:18.0963 4752 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
11:42:18.0963 4752 SENS - ok
11:42:19.0135 4752 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:42:19.0135 4752 SensrSvc - ok
11:42:19.0244 4752 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:42:19.0244 4752 Serenum - ok
11:42:19.0291 4752 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:42:19.0291 4752 Serial - ok
11:42:19.0415 4752 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:42:19.0431 4752 sermouse - ok
11:42:19.0478 4752 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:42:19.0478 4752 SessionEnv - ok
11:42:19.0525 4752 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:42:19.0540 4752 sffdisk - ok
11:42:19.0556 4752 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:42:19.0556 4752 sffp_mmc - ok
11:42:19.0571 4752 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:42:19.0571 4752 sffp_sd - ok
11:42:19.0634 4752 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:42:19.0634 4752 sfloppy - ok
11:42:19.0837 4752 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:42:19.0837 4752 SharedAccess - ok
11:42:19.0946 4752 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:42:19.0946 4752 ShellHWDetection - ok
11:42:20.0008 4752 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:42:20.0024 4752 SiSRaid2 - ok
11:42:20.0039 4752 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:42:20.0055 4752 SiSRaid4 - ok
11:42:20.0258 4752 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:42:20.0258 4752 SkypeUpdate - ok
11:42:20.0351 4752 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:42:20.0351 4752 Smb - ok
11:42:20.0429 4752 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:42:20.0429 4752 SNMPTRAP - ok
11:42:20.0461 4752 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:42:20.0492 4752 spldr - ok
11:42:20.0632 4752 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
11:42:20.0632 4752 Spooler - ok
11:42:21.0085 4752 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:42:21.0100 4752 sppsvc - ok
11:42:21.0116 4752 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:42:21.0116 4752 sppuinotify - ok
11:42:21.0241 4752 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
11:42:21.0241 4752 srv - ok
11:42:21.0428 4752 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:42:21.0428 4752 srv2 - ok
11:42:21.0599 4752 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:42:21.0615 4752 SrvHsfHDA - ok
11:42:21.0958 4752 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:42:22.0005 4752 SrvHsfV92 - ok
11:42:22.0161 4752 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:42:22.0177 4752 SrvHsfWinac - ok
11:42:22.0239 4752 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:42:22.0239 4752 srvnet - ok
11:42:22.0333 4752 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:42:22.0333 4752 SSDPSRV - ok
11:42:22.0364 4752 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:42:22.0364 4752 SstpSvc - ok
11:42:22.0442 4752 [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
11:42:22.0473 4752 ssudmdm - ok
11:42:22.0660 4752 [ 20E27AA5BCC01C2149830C05FE22F675 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
11:42:22.0707 4752 STacSV - ok
11:42:22.0738 4752 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
11:42:22.0738 4752 stexstor - ok
11:42:22.0832 4752 [ BEB37CE4E7456F5EFA52D783D1E06D8C ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
11:42:22.0832 4752 STHDA - ok
11:42:22.0925 4752 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
11:42:22.0925 4752 StillCam - ok
11:42:23.0066 4752 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:42:23.0081 4752 stisvc - ok
11:42:23.0206 4752 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
11:42:23.0206 4752 swenum - ok
11:42:23.0347 4752 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:42:23.0362 4752 swprv - ok
11:42:23.0815 4752 [ C447977ED2A4AE9346FE3A0579A34D7C ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
11:42:23.0815 4752 SynTP - ok
11:42:24.0485 4752 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
11:42:24.0485 4752 SysMain - ok
11:42:24.0548 4752 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:42:24.0548 4752 TabletInputService - ok
11:42:24.0657 4752 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:42:24.0657 4752 TapiSrv - ok
11:42:24.0688 4752 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:42:24.0688 4752 TBS - ok
11:42:24.0844 4752 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:42:24.0891 4752 Tcpip - ok
11:42:24.0985 4752 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:42:24.0985 4752 TCPIP6 - ok
11:42:25.0047 4752 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:42:25.0047 4752 tcpipreg - ok
11:42:25.0078 4752 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:42:25.0109 4752 TDPIPE - ok
11:42:25.0141 4752 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:42:25.0156 4752 TDTCP - ok
11:42:25.0187 4752 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:42:25.0187 4752 tdx - ok
11:42:25.0219 4752 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
11:42:25.0219 4752 TermDD - ok
11:42:25.0250 4752 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
11:42:25.0250 4752 TermService - ok
11:42:25.0265 4752 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:42:25.0265 4752 Themes - ok
11:42:25.0312 4752 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:42:25.0312 4752 THREADORDER - ok
11:42:25.0343 4752 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:42:25.0343 4752 TrkWks - ok
11:42:25.0468 4752 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:42:25.0468 4752 TrustedInstaller - ok
11:42:25.0499 4752 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:42:25.0499 4752 tssecsrv - ok
11:42:25.0531 4752 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:42:25.0546 4752 TsUsbFlt - ok
11:42:25.0609 4752 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:42:25.0609 4752 tunnel - ok
11:42:25.0640 4752 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
11:42:25.0655 4752 uagp35 - ok
11:42:25.0702 4752 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:42:25.0702 4752 udfs - ok
11:42:25.0733 4752 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:42:25.0733 4752 UI0Detect - ok
11:42:25.0765 4752 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:42:25.0765 4752 uliagpkx - ok
11:42:25.0843 4752 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
11:42:25.0843 4752 umbus - ok
11:42:25.0874 4752 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
11:42:25.0874 4752 UmPass - ok
11:42:26.0123 4752 [ 3A1ECEF8D49FC1A786A6CCD5A86A8878 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
11:42:26.0139 4752 UNS - ok
11:42:26.0482 4752 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:42:26.0482 4752 upnphost - ok
11:42:26.0607 4752 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:42:26.0607 4752 usbccgp - ok
11:42:26.0669 4752 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:42:26.0669 4752 usbcir - ok
11:42:26.0701 4752 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
11:42:27.0262 4752 usbehci - ok
11:42:27.0418 4752 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:42:30.0242 4752 usbhub - ok
11:42:30.0273 4752 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:42:30.0273 4752 usbohci - ok
11:42:30.0351 4752 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:42:30.0367 4752 usbprint - ok
11:42:30.0413 4752 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:42:30.0445 4752 USBSTOR - ok
11:42:30.0460 4752 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
11:42:30.0460 4752 usbuhci - ok
11:42:30.0679 4752 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
11:42:30.0679 4752 usbvideo - ok
11:42:30.0772 4752 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:42:30.0772 4752 UxSms - ok
11:42:30.0866 4752 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
11:42:30.0881 4752 VaultSvc - ok
11:42:30.0944 4752 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:42:30.0944 4752 vdrvroot - ok
11:42:31.0100 4752 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
11:42:31.0115 4752 vds - ok
11:42:31.0630 4752 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:42:31.0677 4752 vga - ok
11:42:31.0942 4752 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:42:31.0942 4752 VgaSave - ok
11:42:32.0114 4752 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:42:32.0207 4752 vhdmp - ok
11:42:34.0033 4752 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
11:42:34.0033 4752 viaide - ok
11:42:35.0303 4752 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:42:35.0323 4752 volmgr - ok
11:42:35.0633 4752 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:42:35.0633 4752 volmgrx - ok
11:42:35.0783 4752 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:42:35.0793 4752 volsnap - ok
11:42:35.0933 4752 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
11:42:35.0953 4752 vsmraid - ok
11:42:36.0303 4752 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
11:42:36.0313 4752 VSS - ok
11:42:36.0363 4752 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
11:42:36.0363 4752 vwifibus - ok
11:42:36.0393 4752 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
11:42:36.0393 4752 vwififlt - ok
11:42:36.0413 4752 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
11:42:36.0423 4752 vwifimp - ok
11:42:36.0593 4752 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
11:42:36.0613 4752 W32Time - ok
11:42:36.0693 4752 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
11:42:36.0703 4752 WacomPen - ok
11:42:36.0773 4752 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:42:36.0773 4752 WANARP - ok
11:42:36.0803 4752 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:42:36.0803 4752 Wanarpv6 - ok
11:42:37.0093 4752 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:42:37.0103 4752 WatAdminSvc - ok
11:42:37.0173 4752 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
11:42:37.0173 4752 wbengine - ok
11:42:37.0193 4752 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:42:37.0203 4752 WbioSrvc - ok
11:42:37.0243 4752 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:42:37.0243 4752 wcncsvc - ok
11:42:37.0263 4752 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:42:37.0263 4752 WcsPlugInService - ok
11:42:37.0293 4752 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
11:42:37.0293 4752 Wd - ok
11:42:37.0313 4752 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:42:37.0333 4752 Wdf01000 - ok
11:42:37.0363 4752 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:42:37.0373 4752 WdiServiceHost - ok
11:42:37.0373 4752 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:42:37.0373 4752 WdiSystemHost - ok
11:42:37.0453 4752 [ 94DC2BF6CBAAA95E369C3756D3115A76 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys
11:42:37.0453 4752 wdkmd - ok
11:42:37.0743 4752 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
11:42:37.0963 4752 WebClient - ok
11:42:38.0983 4752 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:42:39.0093 4752 Wecsvc - ok
11:42:39.0603 4752 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:42:39.0603 4752 wercplsupport - ok
11:42:40.0463 4752 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
11:42:40.0463 4752 WerSvc - ok
11:42:40.0913 4752 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:42:40.0913 4752 WfpLwf - ok
11:42:44.0643 4752 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:42:44.0643 4752 WIMMount - ok
11:42:44.0693 4752 WinDefend - ok
11:42:44.0693 4752 WinHttpAutoProxySvc - ok
11:42:45.0213 4752 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:42:45.0213 4752 Winmgmt - ok
11:42:46.0023 4752 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
11:42:46.0033 4752 WinRM - ok
11:42:47.0363 4752 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
11:42:47.0363 4752 WinUsb - ok
11:42:47.0493 4752 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
11:42:47.0503 4752 Wlansvc - ok
11:42:48.0283 4752 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
11:42:48.0323 4752 wlcrasvc - ok
11:42:49.0113 4752 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:42:49.0123 4752 wlidsvc - ok
11:42:49.0263 4752 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
11:42:49.0263 4752 WmiAcpi - ok
11:42:49.0353 4752 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:42:49.0353 4752 wmiApSrv - ok
11:42:49.0473 4752 WMPNetworkSvc - ok
11:42:49.0593 4752 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:42:49.0593 4752 WPCSvc - ok
11:42:49.0683 4752 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:42:49.0683 4752 WPDBusEnum - ok
11:42:49.0723 4752 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:42:49.0723 4752 ws2ifsl - ok
11:42:51.0363 4752 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
11:42:51.0363 4752 wscsvc - ok
11:42:51.0363 4752 WSearch - ok
11:42:52.0313 4752 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
11:42:52.0323 4752 wuauserv - ok
11:42:52.0393 4752 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:42:52.0393 4752 WudfPf - ok
11:42:52.0543 4752 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:42:52.0543 4752 WUDFRd - ok
11:42:52.0603 4752 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:42:52.0603 4752 wudfsvc - ok
11:42:52.0733 4752 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
11:42:52.0743 4752 WwanSvc - ok
11:42:53.0823 4752 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
11:42:53.0853 4752 yukonw7 - ok
11:42:56.0063 4752 ================ Scan global ===============================
11:42:56.0113 4752 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:42:56.0533 4752 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
11:42:56.0593 4752 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
11:42:56.0643 4752 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:42:57.0113 4752 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:42:57.0113 4752 [Global] - ok
11:42:57.0113 4752 ================ Scan MBR ==================================
11:42:57.0273 4752 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:42:57.0273 4752 Suspicious mbr (Forged): \Device\Harddisk0\DR0
11:42:58.0673 4752 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:42:58.0673 4752 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:42:58.0673 4752 ================ Scan VBR ==================================
11:42:58.0743 4752 [ 2CC0A12B6F6F07E37077A7CCFA8B1EC1 ] \Device\Harddisk0\DR0\Partition1
11:42:58.0843 4752 \Device\Harddisk0\DR0\Partition1 - ok
11:42:58.0973 4752 [ CCC4118B1CE7C08A6B9CA0EF0B307218 ] \Device\Harddisk0\DR0\Partition2
11:42:59.0063 4752 \Device\Harddisk0\DR0\Partition2 - ok
11:43:00.0103 4752 [ 4FFF0B24AC3C58A8C4F67D02A753469B ] \Device\Harddisk0\DR0\Partition3
11:43:00.0193 4752 \Device\Harddisk0\DR0\Partition3 - ok
11:43:00.0193 4752 ============================================================
11:43:00.0193 4752 Scan finished
11:43:00.0193 4752 ============================================================
11:43:00.0203 8944 Detected object count: 1
11:43:00.0203 8944 Actual detected object count: 1
11:44:10.0384 8944 \Device\Harddisk0\DR0\# - copied to quarantine
11:44:10.0384 8944 \Device\Harddisk0\DR0 - copied to quarantine
11:44:10.0794 8944 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:44:10.0794 8944 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:44:10.0794 8944 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
11:44:10.0804 8944 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
11:44:11.0044 8944 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:44:11.0114 8944 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:44:11.0124 8944 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:44:11.0124 8944 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:44:11.0134 8944 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:44:11.0144 8944 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:44:11.0174 8944 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:44:11.0174 8944 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:44:11.0174 8944 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:44:11.0174 8944 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:44:11.0254 8944 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
11:44:11.0334 8944 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:44:11.0364 8944 \Device\Harddisk0\DR0 - ok
11:44:13.0084 8944 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes that's the one

Could you once again run TDSSKiller and see if it detects the MBR infection
If it does let me know and I will consider another approach
  • 0

#13
Firemedic828

Firemedic828

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Here is the latest report...I ran TDSS again and when it went to "cure" it crashed the computer again. When I restarted, I also got an error about a program that could not be found... It was... "6614292a-a1af-4ecc-ad55-578809ec05f3.exe" I just exited the error message, the computer loaded. I then got a message that the Windows Malicious Software removal Tool needed to make changes. When I accepted, the computer crashed again. The next time, I didn't allow it to make changes and the computer loaded. I also noticed that Microsoft Security Essentials had been deleted. When I reinstalled it and ran the scan, it still detected the Aleuron virus.

13:44:07.0862 10244 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:44:08.0482 10244 ============================================================
13:44:08.0482 10244 Current date / time: 2012/11/19 13:44:08.0482
13:44:08.0482 10244 SystemInfo:
13:44:08.0482 10244
13:44:08.0482 10244 OS Version: 6.1.7601 ServicePack: 1.0
13:44:08.0482 10244 Product type: Workstation
13:44:08.0482 10244 ComputerName: DONWARD-HP
13:44:08.0482 10244 UserName: Don Ward
13:44:08.0482 10244 Windows directory: C:\Windows
13:44:08.0482 10244 System windows directory: C:\Windows
13:44:08.0482 10244 Running under WOW64
13:44:08.0482 10244 Processor architecture: Intel x64
13:44:08.0482 10244 Number of processors: 8
13:44:08.0482 10244 Page size: 0x1000
13:44:08.0482 10244 Boot type: Normal boot
13:44:08.0482 10244 ============================================================
13:44:08.0542 10244 BG loaded
13:44:08.0752 10244 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:44:08.0752 10244 Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:44:08.0762 10244 ============================================================
13:44:08.0762 10244 \Device\Harddisk0\DR0:
13:44:08.0762 10244 MBR partitions:
13:44:08.0762 10244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
13:44:08.0762 10244 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x4863C800
13:44:08.0762 10244 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x486A0800, BlocksNum 0x2183800
13:44:08.0762 10244 \Device\Harddisk1\DR1:
13:44:08.0762 10244 MBR partitions:
13:44:08.0762 10244 ============================================================
13:44:08.0802 10244 C: <-> \Device\Harddisk0\DR0\Partition2
13:44:08.0972 10244 D: <-> \Device\Harddisk0\DR0\Partition3
13:44:08.0972 10244 ============================================================
13:44:08.0972 10244 Initialize success
13:44:08.0972 10244 ============================================================
13:44:14.0682 2356 ============================================================
13:44:14.0682 2356 Scan started
13:44:14.0682 2356 Mode: Manual;
13:44:14.0682 2356 ============================================================
13:44:15.0292 2356 ================ Scan system memory ========================
13:44:15.0292 2356 System memory - ok
13:44:15.0292 2356 ================ Scan services =============================
13:44:15.0452 2356 02158810 - ok
13:44:15.0502 2356 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
13:44:15.0502 2356 1394ohci - ok
13:44:15.0572 2356 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
13:44:15.0572 2356 Accelerometer - ok
13:44:15.0692 2356 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
13:44:15.0692 2356 ACDaemon - ok
13:44:15.0752 2356 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
13:44:15.0752 2356 ACPI - ok
13:44:15.0792 2356 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
13:44:15.0792 2356 AcpiPmi - ok
13:44:15.0932 2356 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:44:15.0932 2356 AdobeARMservice - ok
13:44:16.0142 2356 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:44:16.0142 2356 AdobeFlashPlayerUpdateSvc - ok
13:44:16.0202 2356 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
13:44:16.0202 2356 adp94xx - ok
13:44:16.0282 2356 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
13:44:16.0282 2356 adpahci - ok
13:44:16.0302 2356 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
13:44:16.0302 2356 adpu320 - ok
13:44:16.0322 2356 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:44:16.0322 2356 AeLookupSvc - ok
13:44:16.0482 2356 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
13:44:16.0482 2356 AESTFilters - ok
13:44:16.0542 2356 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
13:44:16.0542 2356 AFD - ok
13:44:16.0622 2356 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:44:16.0622 2356 agp440 - ok
13:44:16.0632 2356 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
13:44:16.0632 2356 ALG - ok
13:44:16.0692 2356 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
13:44:16.0692 2356 aliide - ok
13:44:16.0752 2356 [ 263570714AC4CF41208E647C77BD2A63 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
13:44:16.0752 2356 AMD External Events Utility - ok
13:44:16.0762 2356 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
13:44:16.0762 2356 amdide - ok
13:44:16.0802 2356 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
13:44:16.0812 2356 AmdK8 - ok
13:44:17.0012 2356 [ 0EEAFB005D334910BB0AEE1941351B1E ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
13:44:17.0122 2356 amdkmdag - ok
13:44:17.0192 2356 [ 65F58CFB0BFDCEBEAE0164BB037545A8 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
13:44:17.0192 2356 amdkmdap - ok
13:44:17.0242 2356 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
13:44:17.0242 2356 AmdPPM - ok
13:44:17.0282 2356 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
13:44:17.0292 2356 amdsata - ok
13:44:17.0372 2356 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
13:44:17.0372 2356 amdsbs - ok
13:44:17.0392 2356 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
13:44:17.0392 2356 amdxata - ok
13:44:17.0452 2356 [ 7D9E301AB3247765702D0B65E2E47E50 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys
13:44:17.0452 2356 AMPPAL - ok
13:44:17.0532 2356 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
13:44:17.0532 2356 AppID - ok
13:44:17.0612 2356 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
13:44:17.0612 2356 AppIDSvc - ok
13:44:17.0662 2356 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
13:44:17.0662 2356 Appinfo - ok
13:44:17.0772 2356 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
13:44:17.0782 2356 arc - ok
13:44:17.0802 2356 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
13:44:17.0802 2356 arcsas - ok
13:44:17.0832 2356 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:44:17.0832 2356 AsyncMac - ok
13:44:17.0942 2356 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
13:44:17.0942 2356 atapi - ok
13:44:18.0052 2356 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:44:18.0062 2356 AudioEndpointBuilder - ok
13:44:18.0072 2356 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
13:44:18.0072 2356 AudioSrv - ok
13:44:18.0132 2356 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
13:44:18.0132 2356 AxInstSV - ok
13:44:18.0192 2356 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
13:44:18.0202 2356 b06bdrv - ok
13:44:18.0252 2356 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
13:44:18.0252 2356 b57nd60a - ok
13:44:18.0312 2356 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
13:44:18.0312 2356 BDESVC - ok
13:44:18.0352 2356 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
13:44:18.0352 2356 Beep - ok
13:44:18.0472 2356 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
13:44:18.0482 2356 BFE - ok
13:44:18.0522 2356 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
13:44:18.0532 2356 BITS - ok
13:44:18.0592 2356 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
13:44:18.0602 2356 blbdrive - ok
13:44:18.0652 2356 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:44:18.0652 2356 bowser - ok
13:44:18.0722 2356 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:44:18.0732 2356 BrFiltLo - ok
13:44:18.0762 2356 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:44:18.0762 2356 BrFiltUp - ok
13:44:18.0822 2356 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
13:44:18.0822 2356 BridgeMP - ok
13:44:18.0912 2356 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
13:44:18.0912 2356 Browser - ok
13:44:18.0932 2356 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
13:44:18.0942 2356 Brserid - ok
13:44:18.0962 2356 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
13:44:18.0962 2356 BrSerWdm - ok
13:44:18.0992 2356 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:44:18.0992 2356 BrUsbMdm - ok
13:44:19.0012 2356 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:44:19.0022 2356 BrUsbSer - ok
13:44:19.0152 2356 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
13:44:19.0152 2356 BthEnum - ok
13:44:19.0212 2356 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
13:44:19.0212 2356 BTHMODEM - ok
13:44:19.0242 2356 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
13:44:19.0242 2356 BthPan - ok
13:44:19.0312 2356 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
13:44:19.0322 2356 BTHPORT - ok
13:44:19.0362 2356 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
13:44:19.0372 2356 bthserv - ok
13:44:19.0412 2356 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
13:44:19.0412 2356 BTHUSB - ok
13:44:19.0472 2356 [ 7A2CE8C1BF4DAA1F2766E21E9CA11078 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
13:44:19.0472 2356 btwampfl - ok
13:44:19.0522 2356 [ A75BF6802A967F5AACECC3C67FEBDF55 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
13:44:19.0522 2356 btwaudio - ok
13:44:19.0562 2356 [ D895DC213EDBDA5FCC53AAD1F1E0E63B ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
13:44:19.0562 2356 btwavdt - ok
13:44:19.0672 2356 [ 692F8648D7686D91E34A65AC698019D8 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
13:44:19.0682 2356 btwdins - ok
13:44:19.0692 2356 [ 07096D2BC22CCB6CEA5A532DF0BE8A75 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
13:44:19.0702 2356 btwl2cap - ok
13:44:19.0712 2356 [ 6D7AA2BDE0135599C5F230D69DB3B420 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
13:44:19.0712 2356 btwrchid - ok
13:44:19.0742 2356 catchme - ok
13:44:19.0832 2356 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:44:19.0832 2356 cdfs - ok
13:44:19.0872 2356 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
13:44:19.0872 2356 cdrom - ok
13:44:19.0942 2356 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
13:44:19.0942 2356 CertPropSvc - ok
13:44:19.0992 2356 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
13:44:19.0992 2356 circlass - ok
13:44:20.0102 2356 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
13:44:20.0112 2356 CLFS - ok
13:44:20.0162 2356 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:44:20.0162 2356 clr_optimization_v2.0.50727_32 - ok
13:44:20.0272 2356 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:44:20.0272 2356 clr_optimization_v2.0.50727_64 - ok
13:44:20.0322 2356 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:44:20.0332 2356 clr_optimization_v4.0.30319_32 - ok
13:44:20.0402 2356 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:44:20.0402 2356 clr_optimization_v4.0.30319_64 - ok
13:44:20.0472 2356 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
13:44:20.0472 2356 clwvd - ok
13:44:20.0542 2356 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:44:20.0552 2356 CmBatt - ok
13:44:20.0582 2356 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:44:20.0582 2356 cmdide - ok
13:44:20.0662 2356 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
13:44:20.0662 2356 CNG - ok
13:44:20.0712 2356 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:44:20.0712 2356 Compbatt - ok
13:44:20.0762 2356 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:44:20.0772 2356 CompositeBus - ok
13:44:20.0812 2356 COMSysApp - ok
13:44:20.0842 2356 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
13:44:20.0842 2356 crcdisk - ok
13:44:20.0892 2356 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:44:20.0892 2356 CryptSvc - ok
13:44:21.0002 2356 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
13:44:21.0002 2356 ctxusbm - ok
13:44:21.0152 2356 [ 15C2AFD86D8A58354FC100434C78B621 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
13:44:21.0162 2356 dc3d - ok
13:44:21.0222 2356 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:44:21.0232 2356 DcomLaunch - ok
13:44:21.0252 2356 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:44:21.0252 2356 defragsvc - ok
13:44:21.0302 2356 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:44:21.0302 2356 DfsC - ok
13:44:21.0382 2356 [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
13:44:21.0392 2356 dg_ssudbus - ok
13:44:21.0432 2356 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
13:44:21.0432 2356 Dhcp - ok
13:44:21.0512 2356 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:44:21.0512 2356 discache - ok
13:44:21.0552 2356 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
13:44:21.0572 2356 Disk - ok
13:44:21.0612 2356 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:44:21.0612 2356 Dnscache - ok
13:44:21.0662 2356 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:44:21.0672 2356 dot3svc - ok
13:44:21.0702 2356 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
13:44:21.0702 2356 DPS - ok
13:44:21.0742 2356 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:44:21.0742 2356 drmkaud - ok
13:44:21.0782 2356 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:44:21.0792 2356 DXGKrnl - ok
13:44:21.0822 2356 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:44:21.0822 2356 EapHost - ok
13:44:21.0872 2356 [ 3C9BE677ACA31AF8F2B7E5270B2BEED3 ] easytether C:\Windows\system32\DRIVERS\easytthr.sys
13:44:21.0872 2356 easytether - ok
13:44:21.0972 2356 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
13:44:22.0002 2356 ebdrv - ok
13:44:22.0062 2356 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
13:44:22.0062 2356 EFS - ok
13:44:22.0252 2356 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:44:22.0262 2356 ehRecvr - ok
13:44:22.0292 2356 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:44:22.0292 2356 ehSched - ok
13:44:22.0352 2356 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
13:44:22.0362 2356 elxstor - ok
13:44:22.0412 2356 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:44:22.0412 2356 ErrDev - ok
13:44:22.0442 2356 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:44:22.0442 2356 EventSystem - ok
13:44:22.0602 2356 [ E3A96D5AE6E5C7B5472011BA77353368 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
13:44:22.0612 2356 EvtEng - ok
13:44:22.0662 2356 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:44:22.0662 2356 exfat - ok
13:44:22.0702 2356 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:44:22.0702 2356 fastfat - ok
13:44:22.0772 2356 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:44:22.0782 2356 Fax - ok
13:44:22.0882 2356 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:44:22.0882 2356 fdc - ok
13:44:22.0922 2356 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:44:22.0922 2356 fdPHost - ok
13:44:22.0972 2356 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:44:22.0972 2356 FDResPub - ok
13:44:23.0002 2356 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:44:23.0012 2356 FileInfo - ok
13:44:23.0022 2356 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:44:23.0022 2356 Filetrace - ok
13:44:23.0062 2356 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:44:23.0062 2356 flpydisk - ok
13:44:23.0072 2356 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:44:23.0072 2356 FltMgr - ok
13:44:23.0122 2356 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
13:44:23.0132 2356 FontCache - ok
13:44:23.0192 2356 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:44:23.0202 2356 FontCache3.0.0.0 - ok
13:44:23.0302 2356 [ CDC54DB949D1E2BBF86B0C7AB86B912E ] FPLService C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
13:44:23.0302 2356 FPLService - ok
13:44:23.0332 2356 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:44:23.0332 2356 FsDepends - ok
13:44:23.0382 2356 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:44:23.0382 2356 Fs_Rec - ok
13:44:23.0452 2356 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:44:23.0452 2356 fvevol - ok
13:44:23.0492 2356 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
13:44:23.0492 2356 gagp30kx - ok
13:44:23.0582 2356 [ D154305DE6090E6E84E525F84BB08A06 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
13:44:23.0592 2356 GameConsoleService - ok
13:44:23.0622 2356 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:44:23.0632 2356 gpsvc - ok
13:44:23.0712 2356 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:44:23.0722 2356 gusvc - ok
13:44:23.0762 2356 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:44:23.0762 2356 hcw85cir - ok
13:44:23.0832 2356 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:44:23.0832 2356 HdAudAddService - ok
13:44:23.0902 2356 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:44:23.0902 2356 HDAudBus - ok
13:44:23.0912 2356 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
13:44:23.0912 2356 HidBatt - ok
13:44:23.0932 2356 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
13:44:23.0932 2356 HidBth - ok
13:44:23.0972 2356 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
13:44:23.0972 2356 HidIr - ok
13:44:24.0012 2356 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
13:44:24.0012 2356 hidserv - ok
13:44:24.0062 2356 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
13:44:24.0062 2356 HidUsb - ok
13:44:24.0122 2356 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:44:24.0122 2356 hkmsvc - ok
13:44:24.0242 2356 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:44:24.0252 2356 HomeGroupListener - ok
13:44:24.0302 2356 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:44:24.0302 2356 HomeGroupProvider - ok
13:44:24.0422 2356 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
13:44:24.0422 2356 HP Support Assistant Service - ok
13:44:24.0522 2356 [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
13:44:24.0522 2356 HP Wireless Assistant Service - ok
13:44:24.0572 2356 [ 3DC11A802353401332D49C3CBFBBE5FC ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
13:44:24.0582 2356 HPClientSvc - ok
13:44:24.0622 2356 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
13:44:24.0622 2356 hpdskflt - ok
13:44:24.0732 2356 [ 97AAC45A375168C6A2297BEEB9692E31 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
13:44:24.0732 2356 hpqcxs08 - ok
13:44:24.0752 2356 [ 19A4FB67B1C97EA18EDFF44340973CD9 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
13:44:24.0752 2356 hpqddsvc - ok
13:44:24.0812 2356 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
13:44:24.0822 2356 hpqwmiex - ok
13:44:24.0912 2356 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:44:24.0912 2356 HpSAMD - ok
13:44:24.0972 2356 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
13:44:24.0982 2356 HPSLPSVC - ok
13:44:25.0022 2356 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
13:44:25.0022 2356 hpsrv - ok
13:44:25.0062 2356 [ F630DD7564EBB7248A13B1CC774D9EA6 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
13:44:25.0062 2356 HPWMISVC - ok
13:44:25.0132 2356 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:44:25.0142 2356 HTTP - ok
13:44:25.0172 2356 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:44:25.0172 2356 hwpolicy - ok
13:44:25.0232 2356 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:44:25.0232 2356 i8042prt - ok
13:44:25.0282 2356 [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
13:44:25.0282 2356 iaStor - ok
13:44:25.0362 2356 [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
13:44:25.0362 2356 IAStorDataMgrSvc - ok
13:44:25.0432 2356 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:44:25.0432 2356 iaStorV - ok
13:44:25.0572 2356 [ D72BF0AE484F88399E8343E821C10D6A ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
13:44:25.0592 2356 IconMan_R - ok
13:44:25.0652 2356 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:44:25.0662 2356 idsvc - ok
13:44:25.0942 2356 [ 8CB8667F5A3B5515F2585F3254F3AAF7 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
13:44:26.0162 2356 igfx - ok
13:44:26.0202 2356 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
13:44:26.0202 2356 iirsp - ok
13:44:26.0272 2356 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:44:26.0282 2356 IKEEXT - ok
13:44:26.0362 2356 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
13:44:26.0362 2356 IntcDAud - ok
13:44:26.0432 2356 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:44:26.0442 2356 intelide - ok
13:44:26.0662 2356 [ 8CB8667F5A3B5515F2585F3254F3AAF7 ] intelkmd C:\Windows\system32\DRIVERS\igdpmd64.sys
13:44:26.0852 2356 intelkmd - ok
13:44:26.0912 2356 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:44:26.0912 2356 intelppm - ok
13:44:26.0952 2356 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:44:26.0952 2356 IPBusEnum - ok
13:44:26.0982 2356 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:44:26.0982 2356 IpFilterDriver - ok
13:44:27.0042 2356 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:44:27.0052 2356 iphlpsvc - ok
13:44:27.0102 2356 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:44:27.0102 2356 IPMIDRV - ok
13:44:27.0112 2356 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:44:27.0112 2356 IPNAT - ok
13:44:27.0162 2356 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:44:27.0162 2356 IRENUM - ok
13:44:27.0242 2356 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:44:27.0242 2356 isapnp - ok
13:44:27.0292 2356 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:44:27.0302 2356 iScsiPrt - ok
13:44:27.0312 2356 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
13:44:27.0312 2356 kbdclass - ok
13:44:27.0332 2356 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
13:44:27.0332 2356 kbdhid - ok
13:44:27.0402 2356 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:44:27.0402 2356 KeyIso - ok
13:44:27.0442 2356 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:44:27.0442 2356 KSecDD - ok
13:44:27.0482 2356 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:44:27.0482 2356 KSecPkg - ok
13:44:27.0512 2356 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:44:27.0512 2356 ksthunk - ok
13:44:27.0562 2356 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:44:27.0562 2356 KtmRm - ok
13:44:27.0622 2356 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
13:44:27.0622 2356 LanmanServer - ok
13:44:27.0662 2356 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:44:27.0662 2356 LanmanWorkstation - ok
13:44:27.0772 2356 [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
13:44:27.0772 2356 LightScribeService - ok
13:44:27.0812 2356 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:44:27.0812 2356 lltdio - ok
13:44:27.0852 2356 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:44:27.0852 2356 lltdsvc - ok
13:44:27.0912 2356 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:44:27.0912 2356 lmhosts - ok
13:44:27.0992 2356 [ C463A25F01C6237295917417C5E9E344 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:44:27.0992 2356 LMS - ok
13:44:28.0032 2356 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
13:44:28.0032 2356 LSI_FC - ok
13:44:28.0082 2356 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
13:44:28.0082 2356 LSI_SAS - ok
13:44:28.0112 2356 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:44:28.0112 2356 LSI_SAS2 - ok
13:44:28.0122 2356 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:44:28.0132 2356 LSI_SCSI - ok
13:44:28.0142 2356 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:44:28.0142 2356 luafv - ok
13:44:28.0202 2356 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:44:28.0202 2356 Mcx2Svc - ok
13:44:28.0232 2356 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
13:44:28.0232 2356 megasas - ok
13:44:28.0302 2356 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
13:44:28.0302 2356 MegaSR - ok
13:44:28.0342 2356 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
13:44:28.0352 2356 MEIx64 - ok
13:44:28.0452 2356 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
13:44:28.0452 2356 Microsoft Office Groove Audit Service - ok
13:44:28.0502 2356 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:44:28.0502 2356 MMCSS - ok
13:44:28.0532 2356 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:44:28.0532 2356 Modem - ok
13:44:28.0572 2356 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:44:28.0572 2356 monitor - ok
13:44:28.0622 2356 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:44:28.0622 2356 mouclass - ok
13:44:28.0652 2356 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:44:28.0652 2356 mouhid - ok
13:44:28.0692 2356 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:44:28.0702 2356 mountmgr - ok
13:44:28.0742 2356 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:44:28.0742 2356 mpio - ok
13:44:28.0782 2356 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:44:28.0782 2356 mpsdrv - ok
13:44:28.0842 2356 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:44:28.0842 2356 MpsSvc - ok
13:44:28.0912 2356 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:44:28.0912 2356 MRxDAV - ok
13:44:28.0952 2356 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:44:28.0952 2356 mrxsmb - ok
13:44:28.0992 2356 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:44:28.0992 2356 mrxsmb10 - ok
13:44:29.0022 2356 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:44:29.0032 2356 mrxsmb20 - ok
13:44:29.0072 2356 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:44:29.0072 2356 msahci - ok
13:44:29.0102 2356 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:44:29.0102 2356 msdsm - ok
13:44:29.0122 2356 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:44:29.0132 2356 MSDTC - ok
13:44:29.0162 2356 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:44:29.0162 2356 Msfs - ok
13:44:29.0202 2356 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:44:29.0202 2356 mshidkmdf - ok
13:44:29.0212 2356 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:44:29.0212 2356 msisadrv - ok
13:44:29.0252 2356 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:44:29.0252 2356 MSiSCSI - ok
13:44:29.0262 2356 msiserver - ok
13:44:29.0322 2356 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:44:29.0322 2356 MSKSSRV - ok
13:44:29.0362 2356 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:44:29.0362 2356 MSPCLOCK - ok
13:44:29.0362 2356 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:44:29.0362 2356 MSPQM - ok
13:44:29.0402 2356 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:44:29.0402 2356 MsRPC - ok
13:44:29.0422 2356 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:44:29.0422 2356 mssmbios - ok
13:44:29.0442 2356 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:44:29.0442 2356 MSTEE - ok
13:44:29.0462 2356 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
13:44:29.0462 2356 MTConfig - ok
13:44:29.0472 2356 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:44:29.0472 2356 Mup - ok
13:44:29.0562 2356 [ 8F57DB74BF5407A4CDA6C8B005DC8DD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
13:44:29.0562 2356 MyWiFiDHCPDNS - ok
13:44:29.0602 2356 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:44:29.0602 2356 napagent - ok
13:44:29.0682 2356 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:44:29.0692 2356 NativeWifiP - ok
13:44:29.0762 2356 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:44:29.0772 2356 NDIS - ok
13:44:29.0812 2356 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:44:29.0812 2356 NdisCap - ok
13:44:29.0852 2356 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:44:29.0852 2356 NdisTapi - ok
13:44:29.0882 2356 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:44:29.0892 2356 Ndisuio - ok
13:44:29.0932 2356 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:44:29.0932 2356 NdisWan - ok
13:44:29.0982 2356 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:44:29.0982 2356 NDProxy - ok
13:44:30.0012 2356 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
13:44:30.0012 2356 Net Driver HPZ12 - ok
13:44:30.0062 2356 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:44:30.0062 2356 NetBIOS - ok
13:44:30.0092 2356 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:44:30.0092 2356 NetBT - ok
13:44:30.0132 2356 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:44:30.0132 2356 Netlogon - ok
13:44:30.0202 2356 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:44:30.0202 2356 Netman - ok
13:44:30.0232 2356 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:44:30.0242 2356 netprofm - ok
13:44:30.0282 2356 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:44:30.0282 2356 NetTcpPortSharing - ok
13:44:30.0452 2356 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
13:44:30.0492 2356 netw5v64 - ok
13:44:30.0712 2356 [ 50AD7F7040C22BB7CAA59A0880875A21 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
13:44:30.0782 2356 NETwNs64 - ok
13:44:30.0812 2356 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
13:44:30.0812 2356 nfrd960 - ok
13:44:30.0882 2356 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:44:30.0892 2356 NlaSvc - ok
13:44:30.0942 2356 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:44:30.0942 2356 Npfs - ok
13:44:31.0002 2356 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:44:31.0002 2356 nsi - ok
13:44:31.0032 2356 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:44:31.0032 2356 nsiproxy - ok
13:44:31.0082 2356 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:44:31.0092 2356 Ntfs - ok
13:44:31.0222 2356 [ 317020D31F1696334679B9D0416EB62E ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys
13:44:31.0222 2356 NuidFltr - ok
13:44:31.0242 2356 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:44:31.0242 2356 Null - ok
13:44:31.0282 2356 [ 9A33100AC62A0463C49E47EE8E77083A ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
13:44:31.0282 2356 nusb3hub - ok
13:44:31.0322 2356 [ 87C321F7BEE646B7EC6EEDD6EB725741 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
13:44:31.0332 2356 nusb3xhc - ok
13:44:31.0402 2356 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:44:31.0402 2356 nvraid - ok
13:44:31.0432 2356 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:44:31.0432 2356 nvstor - ok
13:44:31.0512 2356 [ 23E6A6A7D4930B70D9FFFD371450EF1C ] NvtlService C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
13:44:31.0512 2356 NvtlService - ok
13:44:31.0552 2356 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:44:31.0552 2356 nv_agp - ok
13:44:31.0612 2356 [ A3FADCF96ABF4803E7A946CD48641AC3 ] NWVMModem C:\Windows\system32\DRIVERS\nwvmmdm.sys
13:44:31.0612 2356 NWVMModem - ok
13:44:31.0672 2356 [ A3FADCF96ABF4803E7A946CD48641AC3 ] NWVMPort C:\Windows\system32\DRIVERS\nwvmser.sys
13:44:31.0672 2356 NWVMPort - ok
13:44:31.0712 2356 [ A3FADCF96ABF4803E7A946CD48641AC3 ] NWVMPort2 C:\Windows\system32\DRIVERS\nwvmser2.sys
13:44:31.0712 2356 NWVMPort2 - ok
13:44:31.0862 2356 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:44:31.0862 2356 odserv - ok
13:44:31.0882 2356 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:44:31.0882 2356 ohci1394 - ok
13:44:31.0982 2356 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:44:31.0982 2356 ose - ok
13:44:32.0032 2356 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:44:32.0032 2356 p2pimsvc - ok
13:44:32.0092 2356 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:44:32.0102 2356 p2psvc - ok
13:44:32.0162 2356 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
13:44:32.0162 2356 Parport - ok
13:44:32.0242 2356 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:44:32.0242 2356 partmgr - ok
13:44:32.0252 2356 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:44:32.0252 2356 PcaSvc - ok
13:44:32.0292 2356 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:44:32.0292 2356 pci - ok
13:44:32.0332 2356 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:44:32.0332 2356 pciide - ok
13:44:32.0372 2356 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
13:44:32.0372 2356 pcmcia - ok
13:44:32.0412 2356 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:44:32.0412 2356 pcw - ok
13:44:32.0452 2356 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:44:32.0462 2356 PEAUTH - ok
13:44:32.0552 2356 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:44:32.0552 2356 PerfHost - ok
13:44:32.0622 2356 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:44:32.0632 2356 pla - ok
13:44:32.0712 2356 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:44:32.0722 2356 PlugPlay - ok
13:44:32.0782 2356 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
13:44:32.0782 2356 Pml Driver HPZ12 - ok
13:44:32.0842 2356 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
13:44:32.0842 2356 PNRPAutoReg - ok
13:44:32.0862 2356 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
13:44:32.0862 2356 PNRPsvc - ok
13:44:32.0942 2356 [ 33328FA8A580885AB0065BE6DB266E9F ] Point64 C:\Windows\system32\DRIVERS\point64.sys
13:44:32.0942 2356 Point64 - ok
13:44:33.0042 2356 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:44:33.0042 2356 PolicyAgent - ok
13:44:33.0072 2356 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
13:44:33.0072 2356 Power - ok
13:44:33.0122 2356 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:44:33.0122 2356 PptpMiniport - ok
13:44:33.0172 2356 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
13:44:33.0172 2356 Processor - ok
13:44:33.0202 2356 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
13:44:33.0212 2356 ProfSvc - ok
13:44:33.0222 2356 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
13:44:33.0232 2356 ProtectedStorage - ok
13:44:33.0272 2356 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
13:44:33.0282 2356 Psched - ok
13:44:33.0332 2356 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
13:44:33.0352 2356 ql2300 - ok
13:44:33.0372 2356 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
13:44:33.0372 2356 ql40xx - ok
13:44:33.0422 2356 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
13:44:33.0422 2356 QWAVE - ok
13:44:33.0452 2356 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:44:33.0462 2356 QWAVEdrv - ok
13:44:33.0482 2356 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:44:33.0482 2356 RasAcd - ok
13:44:33.0512 2356 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
13:44:33.0512 2356 RasAgileVpn - ok
13:44:33.0522 2356 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
13:44:33.0522 2356 RasAuto - ok
13:44:33.0562 2356 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:44:33.0562 2356 Rasl2tp - ok
13:44:33.0662 2356 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
13:44:33.0662 2356 RasMan - ok
13:44:33.0712 2356 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:44:33.0712 2356 RasPppoe - ok
13:44:33.0732 2356 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:44:33.0732 2356 RasSstp - ok
13:44:33.0782 2356 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:44:33.0792 2356 rdbss - ok
13:44:33.0802 2356 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
13:44:33.0802 2356 rdpbus - ok
13:44:33.0842 2356 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:44:33.0842 2356 RDPCDD - ok
13:44:33.0882 2356 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:44:33.0882 2356 RDPENCDD - ok
13:44:33.0922 2356 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
13:44:33.0922 2356 RDPREFMP - ok
13:44:33.0952 2356 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:44:33.0952 2356 RDPWD - ok
13:44:34.0002 2356 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
13:44:34.0012 2356 rdyboost - ok
13:44:34.0192 2356 [ FD11C1287D38A46FB72353E14D50089C ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:44:34.0192 2356 RegSrvc - ok
13:44:34.0222 2356 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:44:34.0222 2356 RemoteAccess - ok
13:44:34.0262 2356 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:44:34.0262 2356 RemoteRegistry - ok
13:44:34.0332 2356 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
13:44:34.0332 2356 RFCOMM - ok
13:44:34.0392 2356 [ 71B48DDAF5E9C2B40E64DE5C405F5AAC ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys
13:44:34.0392 2356 RimUsb - ok
13:44:34.0462 2356 [ C903D49655B4AAE46673F0AAA6BE0F58 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
13:44:34.0462 2356 RimVSerPort - ok
13:44:34.0472 2356 [ 388D3DD1A6457280F3BADBA9F3ACD6B1 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
13:44:34.0472 2356 ROOTMODEM - ok
13:44:34.0532 2356 [ C1568E17039B2EC2B73A4F880DDD51E5 ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
13:44:34.0542 2356 RoxioNow Service - ok
13:44:34.0582 2356 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
13:44:34.0582 2356 RpcEptMapper - ok
13:44:34.0602 2356 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
13:44:34.0602 2356 RpcLocator - ok
13:44:34.0632 2356 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll
13:44:34.0642 2356 RpcSs - ok
13:44:34.0742 2356 [ 1F5E7AF59B390261A85F5BEDB1BB88B3 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
13:44:34.0742 2356 RSPCIESTOR - ok
13:44:34.0802 2356 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:44:34.0812 2356 rspndr - ok
13:44:34.0872 2356 [ ED5873F7DFB2F96D37F13322211B6BDC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
13:44:34.0882 2356 RTL8167 - ok
13:44:34.0912 2356 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
13:44:34.0912 2356 SamSs - ok
13:44:34.0972 2356 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:44:34.0972 2356 sbp2port - ok
13:44:35.0002 2356 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:44:35.0002 2356 SCardSvr - ok
13:44:35.0032 2356 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
13:44:35.0032 2356 scfilter - ok
13:44:35.0092 2356 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
13:44:35.0102 2356 Schedule - ok
13:44:35.0152 2356 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
13:44:35.0152 2356 SCPolicySvc - ok
13:44:35.0202 2356 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
13:44:35.0202 2356 sdbus - ok
13:44:35.0262 2356 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:44:35.0262 2356 SDRSVC - ok
13:44:35.0302 2356 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:44:35.0302 2356 secdrv - ok
13:44:35.0332 2356 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
13:44:35.0332 2356 seclogon - ok
13:44:35.0412 2356 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
13:44:35.0412 2356 SENS - ok
13:44:35.0452 2356 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
13:44:35.0452 2356 SensrSvc - ok
13:44:35.0492 2356 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
13:44:35.0502 2356 Serenum - ok
13:44:35.0512 2356 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
13:44:35.0522 2356 Serial - ok
13:44:35.0562 2356 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
13:44:35.0562 2356 sermouse - ok
13:44:35.0592 2356 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
13:44:35.0592 2356 SessionEnv - ok
13:44:35.0622 2356 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:44:35.0622 2356 sffdisk - ok
13:44:35.0632 2356 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:44:35.0632 2356 sffp_mmc - ok
13:44:35.0642 2356 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:44:35.0642 2356 sffp_sd - ok
13:44:35.0652 2356 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
13:44:35.0652 2356 sfloppy - ok
13:44:35.0722 2356 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:44:35.0732 2356 SharedAccess - ok
13:44:35.0802 2356 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:44:35.0812 2356 ShellHWDetection - ok
13:44:35.0872 2356 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:44:35.0872 2356 SiSRaid2 - ok
13:44:35.0932 2356 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
13:44:35.0932 2356 SiSRaid4 - ok
13:44:36.0012 2356 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:44:36.0012 2356 SkypeUpdate - ok
13:44:36.0052 2356 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:44:36.0052 2356 Smb - ok
13:44:36.0092 2356 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:44:36.0092 2356 SNMPTRAP - ok
13:44:36.0122 2356 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
13:44:36.0122 2356 spldr - ok
13:44:36.0162 2356 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
13:44:36.0162 2356 Spooler - ok
13:44:36.0272 2356 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
13:44:36.0302 2356 sppsvc - ok
13:44:36.0342 2356 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
13:44:36.0342 2356 sppuinotify - ok
13:44:36.0372 2356 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
13:44:36.0372 2356 srv - ok
13:44:36.0402 2356 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:44:36.0412 2356 srv2 - ok
13:44:36.0482 2356 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
13:44:36.0482 2356 SrvHsfHDA - ok
13:44:36.0522 2356 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
13:44:36.0542 2356 SrvHsfV92 - ok
13:44:36.0562 2356 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
13:44:36.0572 2356 SrvHsfWinac - ok
13:44:36.0622 2356 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:44:36.0622 2356 srvnet - ok
13:44:36.0692 2356 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:44:36.0692 2356 SSDPSRV - ok
13:44:36.0702 2356 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:44:36.0702 2356 SstpSvc - ok
13:44:36.0762 2356 [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
13:44:36.0772 2356 ssudmdm - ok
13:44:36.0852 2356 [ 20E27AA5BCC01C2149830C05FE22F675 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
13:44:36.0862 2356 STacSV - ok
13:44:36.0902 2356 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
13:44:36.0902 2356 stexstor - ok
13:44:36.0952 2356 [ BEB37CE4E7456F5EFA52D783D1E06D8C ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
13:44:36.0962 2356 STHDA - ok
13:44:37.0002 2356 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
13:44:37.0002 2356 StillCam - ok
13:44:37.0052 2356 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
13:44:37.0062 2356 stisvc - ok
13:44:37.0112 2356 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
13:44:37.0132 2356 swenum - ok
13:44:37.0152 2356 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
13:44:37.0162 2356 swprv - ok
13:44:37.0282 2356 [ C447977ED2A4AE9346FE3A0579A34D7C ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
13:44:37.0302 2356 SynTP - ok
13:44:37.0352 2356 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
13:44:37.0372 2356 SysMain - ok
13:44:37.0422 2356 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:44:37.0422 2356 TabletInputService - ok
13:44:37.0452 2356 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:44:37.0462 2356 TapiSrv - ok
13:44:37.0512 2356 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
13:44:37.0512 2356 TBS - ok
13:44:37.0582 2356 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:44:37.0602 2356 Tcpip - ok
13:44:37.0662 2356 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
13:44:37.0662 2356 TCPIP6 - ok
13:44:37.0702 2356 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:44:37.0702 2356 tcpipreg - ok
13:44:37.0732 2356 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:44:37.0732 2356 TDPIPE - ok
13:44:37.0762 2356 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:44:37.0762 2356 TDTCP - ok
13:44:37.0802 2356 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:44:37.0812 2356 tdx - ok
13:44:37.0842 2356 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
13:44:37.0842 2356 TermDD - ok
13:44:37.0872 2356 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
13:44:37.0882 2356 TermService - ok
13:44:37.0912 2356 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
13:44:37.0912 2356 Themes - ok
13:44:37.0942 2356 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
13:44:37.0952 2356 THREADORDER - ok
13:44:37.0962 2356 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
13:44:37.0962 2356 TrkWks - ok
13:44:38.0032 2356 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:44:38.0042 2356 TrustedInstaller - ok
13:44:38.0082 2356 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:44:38.0082 2356 tssecsrv - ok
13:44:38.0142 2356 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
13:44:38.0142 2356 TsUsbFlt - ok
13:44:38.0202 2356 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:44:38.0202 2356 tunnel - ok
13:44:38.0222 2356 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
13:44:38.0222 2356 uagp35 - ok
13:44:38.0272 2356 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:44:38.0272 2356 udfs - ok
13:44:38.0292 2356 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:44:38.0292 2356 UI0Detect - ok
13:44:38.0332 2356 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:44:38.0332 2356 uliagpkx - ok
13:44:38.0422 2356 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
13:44:38.0422 2356 umbus - ok
13:44:38.0432 2356 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
13:44:38.0442 2356 UmPass - ok
13:44:38.0592 2356 [ 3A1ECEF8D49FC1A786A6CCD5A86A8878 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
13:44:38.0602 2356 UNS - ok
13:44:38.0622 2356 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
13:44:38.0622 2356 upnphost - ok
13:44:38.0682 2356 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:44:38.0682 2356 usbccgp - ok
13:44:38.0712 2356 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:44:38.0712 2356 usbcir - ok
13:44:38.0732 2356 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
13:44:38.0732 2356 usbehci - ok
13:44:38.0752 2356 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:44:38.0762 2356 usbhub - ok
13:44:38.0772 2356 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:44:38.0772 2356 usbohci - ok
13:44:38.0832 2356 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:44:38.0832 2356 usbprint - ok
13:44:38.0852 2356 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:44:38.0852 2356 USBSTOR - ok
13:44:38.0902 2356 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
13:44:38.0902 2356 usbuhci - ok
13:44:38.0952 2356 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
13:44:38.0952 2356 usbvideo - ok
13:44:38.0982 2356 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
13:44:38.0982 2356 UxSms - ok
13:44:38.0992 2356 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
13:44:38.0992 2356 VaultSvc - ok
13:44:39.0022 2356 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
13:44:39.0022 2356 vdrvroot - ok
13:44:39.0052 2356 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
13:44:39.0062 2356 vds - ok
13:44:39.0112 2356 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:44:39.0112 2356 vga - ok
13:44:39.0122 2356 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
13:44:39.0122 2356 VgaSave - ok
13:44:39.0172 2356 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
13:44:39.0172 2356 vhdmp - ok
13:44:39.0212 2356 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
13:44:39.0212 2356 viaide - ok
13:44:39.0252 2356 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:44:39.0252 2356 volmgr - ok
13:44:39.0312 2356 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:44:39.0312 2356 volmgrx - ok
13:44:39.0332 2356 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:44:39.0342 2356 volsnap - ok
13:44:39.0392 2356 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
13:44:39.0402 2356 vsmraid - ok
13:44:39.0472 2356 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
13:44:39.0492 2356 VSS - ok
13:44:39.0522 2356 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
13:44:39.0522 2356 vwifibus - ok
13:44:39.0602 2356 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
13:44:39.0612 2356 vwififlt - ok
13:44:39.0622 2356 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
13:44:39.0622 2356 vwifimp - ok
13:44:39.0642 2356 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
13:44:39.0652 2356 W32Time - ok
13:44:39.0672 2356 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
13:44:39.0672 2356 WacomPen - ok
13:44:39.0742 2356 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
13:44:39.0742 2356 WANARP - ok
13:44:39.0742 2356 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:44:39.0742 2356 Wanarpv6 - ok
13:44:39.0842 2356 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
13:44:39.0852 2356 WatAdminSvc - ok
13:44:39.0902 2356 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
13:44:39.0922 2356 wbengine - ok
13:44:39.0952 2356 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
13:44:39.0962 2356 WbioSrvc - ok
13:44:40.0012 2356 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:44:40.0012 2356 wcncsvc - ok
13:44:40.0022 2356 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:44:40.0022 2356 WcsPlugInService - ok
13:44:40.0042 2356 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
13:44:40.0042 2356 Wd - ok
13:44:40.0072 2356 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:44:40.0082 2356 Wdf01000 - ok
13:44:40.0092 2356 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:44:40.0092 2356 WdiServiceHost - ok
13:44:40.0102 2356 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:44:40.0102 2356 WdiSystemHost - ok
13:44:40.0132 2356 [ 94DC2BF6CBAAA95E369C3756D3115A76 ] wdkmd C:\Windows\system32\DRIVERS\WDKMD.sys
13:44:40.0132 2356 wdkmd - ok
13:44:40.0162 2356 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
13:44:40.0162 2356 WebClient - ok
13:44:40.0202 2356 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:44:40.0202 2356 Wecsvc - ok
13:44:40.0242 2356 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:44:40.0242 2356 wercplsupport - ok
13:44:40.0272 2356 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
13:44:40.0282 2356 WerSvc - ok
13:44:40.0322 2356 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
13:44:40.0322 2356 WfpLwf - ok
13:44:40.0342 2356 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
13:44:40.0342 2356 WIMMount - ok
13:44:40.0382 2356 WinDefend - ok
13:44:40.0382 2356 WinHttpAutoProxySvc - ok
13:44:40.0422 2356 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:44:40.0432 2356 Winmgmt - ok
13:44:40.0472 2356 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
13:44:40.0492 2356 WinRM - ok
13:44:40.0542 2356 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
13:44:40.0542 2356 WinUsb - ok
13:44:40.0622 2356 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
13:44:40.0632 2356 Wlansvc - ok
13:44:40.0692 2356 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:44:40.0692 2356 wlcrasvc - ok
13:44:40.0822 2356 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:44:40.0842 2356 wlidsvc - ok
13:44:40.0922 2356 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
13:44:40.0922 2356 WmiAcpi - ok
13:44:40.0982 2356 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:44:40.0982 2356 wmiApSrv - ok
13:44:41.0002 2356 WMPNetworkSvc - ok
13:44:41.0062 2356 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:44:41.0062 2356 WPCSvc - ok
13:44:41.0092 2356 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:44:41.0102 2356 WPDBusEnum - ok
13:44:41.0132 2356 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:44:41.0132 2356 ws2ifsl - ok
13:44:41.0212 2356 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
13:44:41.0212 2356 wscsvc - ok
13:44:41.0212 2356 WSearch - ok
13:44:41.0262 2356 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
13:44:41.0292 2356 wuauserv - ok
13:44:41.0382 2356 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
13:44:41.0382 2356 WudfPf - ok
13:44:41.0412 2356 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:44:41.0412 2356 WUDFRd - ok
13:44:41.0442 2356 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:44:41.0442 2356 wudfsvc - ok
13:44:41.0472 2356 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
13:44:41.0472 2356 WwanSvc - ok
13:44:41.0542 2356 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
13:44:41.0542 2356 yukonw7 - ok
13:44:41.0572 2356 ================ Scan global ===============================
13:44:41.0622 2356 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
13:44:41.0662 2356 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
13:44:41.0662 2356 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
13:44:41.0702 2356 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
13:44:41.0752 2356 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
13:44:41.0752 2356 [Global] - ok
13:44:41.0752 2356 ================ Scan MBR ==================================
13:44:41.0792 2356 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:44:41.0792 2356 Suspicious mbr (Forged): \Device\Harddisk0\DR0
13:44:41.0862 2356 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
13:44:41.0862 2356 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
13:44:41.0872 2356 [ F14C6A6761E39A932CDF3F9A4B8BE09F ] \Device\Harddisk1\DR1
13:44:46.0452 2356 \Device\Harddisk1\DR1 - ok
13:44:46.0452 2356 ================ Scan VBR ==================================
13:44:46.0452 2356 [ 2CC0A12B6F6F07E37077A7CCFA8B1EC1 ] \Device\Harddisk0\DR0\Partition1
13:44:46.0452 2356 \Device\Harddisk0\DR0\Partition1 - ok
13:44:46.0482 2356 [ CCC4118B1CE7C08A6B9CA0EF0B307218 ] \Device\Harddisk0\DR0\Partition2
13:44:46.0482 2356 \Device\Harddisk0\DR0\Partition2 - ok
13:44:46.0502 2356 [ 4FFF0B24AC3C58A8C4F67D02A753469B ] \Device\Harddisk0\DR0\Partition3
13:44:46.0502 2356 \Device\Harddisk0\DR0\Partition3 - ok
13:44:46.0502 2356 ============================================================
13:44:46.0502 2356 Scan finished
13:44:46.0502 2356 ============================================================
13:44:46.0512 10500 Detected object count: 1
13:44:46.0512 10500 Actual detected object count: 1
13:44:53.0062 10500 \Device\Harddisk0\DR0\# - copied to quarantine
13:44:53.0062 10500 \Device\Harddisk0\DR0 - copied to quarantine
13:44:53.0282 10500 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
13:44:53.0292 10500 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
13:44:53.0292 10500 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
13:44:53.0302 10500 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
13:44:53.0302 10500 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
13:44:53.0312 10500 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
13:44:53.0312 10500 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
13:44:53.0312 10500 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
13:44:53.0312 10500 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
13:44:53.0312 10500 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:44:53.0312 10500 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
13:44:53.0322 10500 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
13:44:53.0322 10500 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
13:44:53.0322 10500 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
13:44:53.0332 10500 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
13:44:53.0332 10500 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
13:44:53.0362 10500 \Device\Harddisk0\DR0 - ok
13:44:53.0612 10500 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
13:45:05.0932 5924 Deinitialize success
  • 0

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I will run an OTL fix without reboot, as soon as it has finished re-run TDSSKiller
If it blue screens we will need to repair outside of windows.
Do you have either :
A repair my computer option on the safe mode menu
The windows DVD

If you have neither do you have access to a USB of at least 1Gb

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
[2012/10/24 16:37:10 | 000,000,000 | ---D | C] -- C:\73534f5037c0c4bb2c7f7bf6
[2012/10/20 08:01:31 | 000,000,000 | ---D | C] -- C:\cfad15b7ff69dfb697f1208557276373

:Files
C:\Windows\Installer\{96f3d1ab-4200-38c7-4661-32f7fdef6143}
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{96f3d1ab-4200-38c7-4661-32f7fdef6143}
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#15
Firemedic828

Firemedic828

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
First, I have the repair my computer option in safe mode and I also have a USB drive with 8gb capacity.

Second, I ran OTL as requested. Here is the results:

OTL logfile created on: 11/21/2012 8:31:14 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.95 Gb Total Physical Memory | 3.34 Gb Available Physical Memory | 56.11% Memory free
11.90 Gb Paging File | 9.10 Gb Available in Paging File | 76.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 579.12 Gb Total Space | 448.49 Gb Free Space | 77.44% Space Free | Partition Type: NTFS
Drive D: | 16.76 Gb Total Space | 2.10 Gb Free Space | 12.51% Space Free | Partition Type: NTFS
Drive F: | 977.02 Mb Total Space | 7.23 Mb Free Space | 0.74% Space Free | Partition Type: FAT32

Computer Name: DONWARD-HP | User Name: Don Ward | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/21 08:23:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/23 13:26:24 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/08/19 13:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 09:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/12/11 01:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/12/07 08:06:00 | 000,249,672 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2010/12/07 08:05:52 | 000,634,696 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2010/12/07 08:05:38 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2010/11/23 13:26:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/11/23 13:26:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/11/18 14:57:28 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010/11/09 18:20:36 | 000,586,296 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/12 16:28:26 | 000,726,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010/10/12 16:24:38 | 000,304,568 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/07/29 21:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/16 17:52:14 | 000,331,776 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\TotalMedia Backup\uBBMonitor.exe
PRC - [2009/08/24 17:52:30 | 000,082,432 | ---- | M] () -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/19 12:09:51 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c5653b035f5e272c8cac8b851e6fcc67\IAStorUtil.ni.dll
MOD - [2012/11/19 12:09:51 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\7cb92ddc443ed7c85f3c8ef9f5c0f15f\IAStorCommon.ni.dll
MOD - [2012/11/19 12:04:49 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012/11/19 12:04:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/19 12:04:13 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/19 12:04:07 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/19 12:03:52 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/19 12:03:41 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/19 12:03:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/19 12:03:21 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/19 12:02:59 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/22 16:00:58 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/11/22 16:00:58 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/11/22 16:00:58 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2010/11/18 15:09:10 | 001,699,384 | ---- | M] () -- C:\Users\Don Ward\AppData\Roaming\PictureMover\EN-US\Presentation.dll
MOD - [2010/11/18 14:57:42 | 012,284,984 | ---- | M] () -- C:\Users\Don Ward\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/03/23 13:28:51 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/03/23 13:28:50 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/07/27 20:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 19:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 19:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/05/27 10:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/12/30 20:10:00 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/05 22:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/29 21:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/07/21 17:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/19 18:19:18 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/23 13:27:37 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/05/20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/07 08:06:00 | 000,249,672 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2010/11/23 13:26:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/11/23 13:26:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/09 18:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/09/11 04:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/18 20:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/24 17:52:30 | 000,082,432 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe -- (NvtlService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/28 14:22:48 | 000,020,784 | ---- | M] (Mobile Stream) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\easytthr.sys -- (easytether)
DRV:64bit: - [2012/05/11 06:34:14 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/05/11 06:34:12 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/03/23 13:28:52 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/03/23 13:27:37 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/03/23 13:26:24 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2012/03/23 13:26:24 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2012/03/23 13:25:20 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/08 06:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 16:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/06/10 12:37:16 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/27 10:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 10:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/20 08:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/04/13 14:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/04/13 14:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/04/08 22:00:20 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/12/30 20:39:22 | 008,281,600 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/12/30 19:33:06 | 000,292,864 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/12/16 20:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2010/12/16 20:39:08 | 012,256,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/11 01:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/12/01 07:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 03:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/20 16:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/20 16:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/20 16:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/14 11:51:56 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010/07/14 09:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/03/02 17:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/15 13:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwvmser2.sys -- (NWVMPort2)
DRV:64bit: - [2009/05/15 13:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwvmser.sys -- (NWVMPort)
DRV:64bit: - [2009/05/15 13:34:30 | 000,213,376 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nwvmmdm.sys -- (NWVMModem)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2012/11/20 03:23:17 | 000,035,664 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD4B71D6-75EC-4961-9E38-67E086E06EB9}\MpKsl30406769.sys -- (MpKsl30406769)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {b7fca997-d0fb-4fe0-8afd-255e89cf9671}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{BBE3009B-DE5D-4C55-BA51-37954B908D8D}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/04/26 21:28:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/18 15:20:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/08/07 23:11:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/07 23:11:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/16 12:36:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/05/18 15:20:49 | 000,000,000 | ---D | M]

[2011/05/06 06:17:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don Ward\AppData\Roaming\Mozilla\Extensions
[2012/08/01 16:25:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don Ward\AppData\Roaming\Mozilla\Firefox\Profiles\fapywo1e.default\extensions
[2012/08/07 23:11:37 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Don Ward\AppData\Roaming\Mozilla\Firefox\Profiles\fapywo1e.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2012/08/01 16:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Don Ward\AppData\Roaming\Mozilla\Firefox\Profiles\fapywo1e.default\extensions\[email protected]
[2012/08/16 16:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/25 21:30:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/08/07 23:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2012/08/16 16:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/05/07 05:12:43 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2011/11/13 15:39:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/12 15:33:32 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/10/12 15:37:06 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/10/12 15:35:42 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/10/12 15:34:56 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2011/12/12 10:25:05 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/22 17:01:16 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/12 17:16:54 | 000,484,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2010/10/12 15:37:02 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012/08/01 16:06:43 | 000,002,361 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/08/01 16:06:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/27 10:11:08 | 000,002,325 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pandasecuritytb.xml
[2012/08/01 16:06:56 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/11/16 15:48:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Set UA String (BHO)) - {3CE56DB6-FCBE-4422-9454-63C354178985} - C:\Program Files (x86)\UAPick\UABtn.dll (Bayden Systems)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EasyTether] C:\Program Files\Mobile Stream\EasyTether\easytthr.exe (Mobile Stream)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: UA Button - {7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - C:\Program Files (x86)\UAPick\UABtn.dll (Bayden Systems)
O9 - Extra 'Tools' menuitem : Set UA St&ring - {7CD59A63-0815-46D0-B474-2E5BCFCADD7C} - C:\Program Files (x86)\UAPick\UABtn.dll (Bayden Systems)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} http://vsp.closetmai..._downloader.cab (Closet Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B491DA81-27F7-4053-B0AA-9E80BC24141D}: DhcpNameServer = 65.32.5.111 65.32.5.112 0.0.0.0
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/18 18:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/11/18 18:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/11/18 18:06:10 | 000,000,000 | ---D | C] -- C:\0ace7ac4c476217a15ef87
[2012/11/18 18:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/11/18 18:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/11/16 16:10:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/16 15:54:08 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/11/16 15:52:40 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Don Ward\Desktop\tdsskiller.exe
[2012/11/16 15:42:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/16 15:42:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/16 15:42:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/16 15:42:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/16 15:42:23 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/16 15:40:27 | 005,002,404 | R--- | C] (Swearware) -- C:\Users\Don Ward\Desktop\ComboFix.exe
[2012/11/05 22:16:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UAPick
[2012/11/05 22:16:23 | 000,113,608 | ---- | C] (Bayden Systems) -- C:\Users\Don Ward\Desktop\UAPickSetup.exe
[2012/11/05 21:56:58 | 000,020,784 | ---- | C] (Mobile Stream) -- C:\Windows\SysNative\drivers\easytthr.sys
[2012/11/05 21:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mobile Stream
[2012/11/05 21:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache

========== Files - Modified Within 30 Days ==========

[2012/11/21 08:24:47 | 000,729,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/21 08:24:47 | 000,626,540 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/21 08:24:47 | 000,107,784 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/21 08:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/21 08:17:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/20 03:30:59 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/20 03:30:59 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/20 03:23:26 | 000,423,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/20 03:22:23 | 495,865,855 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/20 03:06:31 | 000,002,148 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/19 14:05:08 | 000,744,030 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/11/19 13:50:06 | 564,965,166 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/11/19 11:46:26 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/11/18 18:04:10 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/16 21:21:29 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDONWARD-HP$.job
[2012/11/16 15:48:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/11/16 13:56:04 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDon Ward.job
[2012/11/16 11:07:52 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Don Ward\Desktop\tdsskiller.exe
[2012/11/16 11:07:32 | 005,002,404 | R--- | M] (Swearware) -- C:\Users\Don Ward\Desktop\ComboFix.exe
[2012/11/05 22:14:42 | 000,113,608 | ---- | M] (Bayden Systems) -- C:\Users\Don Ward\Desktop\UAPickSetup.exe
[2012/10/28 14:22:48 | 000,020,784 | ---- | M] (Mobile Stream) -- C:\Windows\SysNative\drivers\easytthr.sys

========== Files Created - No Company Name ==========

[2012/11/20 03:04:23 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/19 14:05:10 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/11/19 11:44:17 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/18 18:04:10 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/16 15:42:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/16 15:42:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/16 15:42:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/16 15:42:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/16 15:42:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/05 21:57:30 | 000,002,533 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyTether.lnk
[2012/09/25 11:40:15 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/01 18:31:47 | 000,007,605 | ---- | C] () -- C:\Users\Don Ward\AppData\Local\Resmon.ResmonCfg
[2012/08/01 16:00:24 | 000,161,719 | ---- | C] () -- C:\Users\Don Ward\AppData\Local\census.cache
[2012/08/01 16:00:21 | 000,113,549 | ---- | C] () -- C:\Users\Don Ward\AppData\Local\ars.cache
[2012/08/01 15:49:34 | 000,000,036 | ---- | C] () -- C:\Users\Don Ward\AppData\Local\housecall.guid.cache
[2012/03/23 13:25:25 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/05/19 17:39:44 | 000,026,624 | ---- | C] () -- C:\Users\Don Ward\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/18 15:17:26 | 000,232,957 | ---- | C] () -- C:\Windows\hpwins22.dat
[2011/05/18 15:17:26 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2011/05/06 15:46:07 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/04/26 21:23:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/26 21:07:24 | 000,003,028 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/04/26 21:06:36 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/26 21:06:36 | 000,207,376 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/04/26 21:06:36 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/26 21:06:35 | 000,003,028 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/10 23:01:11 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/12/20 20:25:37 | 000,000,135 | ---- | C] () -- C:\Users\Don Ward\AppData\Roaming\default.pls
[2008/05/21 15:03:50 | 000,000,042 | ---- | C] () -- C:\Users\Don Ward\default.pls

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/01 16:06:33 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Babylon
[2012/08/07 23:11:38 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\BabylonToolbar
[2012/05/08 08:20:56 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\BitTorrent
[2011/05/27 08:49:54 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Blackberry Desktop
[2012/01/12 15:04:31 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\calibre
[2011/12/12 10:25:05 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Catalina Marketing Corp
[2012/11/06 01:48:05 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\ICAClient
[2012/08/22 12:56:21 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Panda Security
[2011/05/05 08:55:09 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\PictureMover
[2011/05/06 14:28:12 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Research In Motion
[2011/05/05 08:54:01 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Synaptics
[2011/06/14 21:19:03 | 000,000,000 | ---D | M] -- C:\Users\Don Ward\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP